#general

sanjaykcse

03/05/2021, 10:41 AM
I am getting a peculiar issue with the osquery daemon. In my setup, the osquery daemon is talking to fleet and configured to send logs/results to fleet. If fleet is down or there is no connectivity between fleet and osqueryd for 3- mins to 1hr, the worker thread is getting a segfault and core dumps continuously. If I set logger_plugin to filesystem, fleet does not receive results either. Any suggestions on how to fix this?
11:07 AM
It seems the worker thread is not starting and getting SIGSEGV again and again (due to some resource limit????)

```
warning: Unable to find libthread_db matching inferior's thread library, thread debugging will not be available.
Core was generated by `osquery                         '.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00005558cba9552d in ?? ()
[Current thread is 1 (LWP 6886)]
(gdb) bt
#0  0x00005558cba9552d in ?? ()
#1  0x00005558cbad13fa in ?? ()
#2  0x00005558cbad205f in ?? ()
#3  0x00005558cbad1f24 in ?? ()
#4  0x00005558cbad1b0e in ?? ()
#5  0x00005558cbad6867 in ?? ()
#6  0x00005558cc77d799 in ?? ()
#7  0x00005558cc6de1da in ?? ()
#8  0x00005558cc6dc313 in ?? ()
#9  0x00005558cc6b25ba in ?? ()
#10 0x00005558cc6b0f97 in ?? ()
#11 0x00005558cc6b0d88 in ?? ()
#12 0x00005558cc580044 in ?? ()
#13 0x00005558cbb89b78 in ?? ()
#14 0x00005558cbb8a0f2 in ?? ()
#15 0x00005558cbb897ff in ?? ()
#16 0x00007f9b70346a97 in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#17 0x00005558cba45029 in ?? ()
#18 0x00007ffee2524648 in ?? ()
#19 0x000000000000001c in ?? ()
#20 0x0000000000000005 in ?? ()
#21 0x00007ffee2524ae3 in ?? ()
#22 0x00007ffee2524aeb in ?? ()
#23 0x00007ffee2524af3 in ?? ()
#24 0x00007ffee2524af7 in ?? ()
#25 0x00007ffee2524b02 in ?? ()
#26 0x0000000000000000 in ?? ()
```
11:11 AM
flags:

```
--enroll_secret_path=/etc/osquery/cert/secret
--tls_server_certs=/etc/osquery/cert/serv.crt
--tls_hostname=< fleet URL>:8080
--config_refresh=10
--logger_plugin=tls
--logger_tls_endpoint=/api/v1/osquery/log
--logger_tls_period=10
--database_path=/tmp/osquery.db
--pidfile=/tmp/osquery.pid
--host_identifier=uuid
--force=true
--config_plugin=tls
--config_tls_endpoint=/api/v1/osquery/config
--config_tls_refresh=30
--disable_distributed=false
--distributed_interval=3
--distributed_plugin=tls
--config_tls_max_attempts=3
--distributed_tls_max_attempts=3
--distributed_tls_read_endpoint=/api/v1/osquery/distributed/read
--distributed_tls_write_endpoint=/api/v1/osquery/distributed/write
--hash_delay=20
--pack_refresh_interval=60
--schedule_splay_percent=20
--table_delay=20
--enroll_tls_endpoint=/api/v1/osquery/enroll
--disable_watchdog=false
--watchdog_delay=120
--watchdog_level=1
--watchdog_memory_limit=100
--watchdog_utilization_limit=5
--buffered_log_max=10000
--tls_dump=true
--verbose
```
12:17 PM
seems this got fixed recently https://github.com/osquery/osquery/issues/6887 by @theopolis