From gt We are seeing this random issue on servers ha

Question

From < aby> gt We are seeing this random issue on servers having 4 6 version installed being unresponsive after a while from fleet using live queries 4 5 1 is working fine without any issues I went on the server and did a restart of the agent and it started back up but then it went back to being non responsive again Verbose TLS logging on agent side wont show anything since it was restarted

zwass · Answer

Does this happen for any live query or is it a specfic query that causes it

aby · Answer

Any live query

zwass · Answer

Can you try running osqueryd with ` verbose tls dump` and then triggering the issue

aby · Answer

Problem here is that when we do that it basically starts fresh and becomes responsive I can try leaving it for a while and see if issue re occurs

zwass · Answer

Yeah the best thing to do would be to restart the agent with those flags and then run a live query to try to trigger the issue

terracatta · Answer

< aby> what OS

aby · Answer

```CentOS Linux release 7 9 2009 Core ```

terracatta · Answer

What is an example Live Query that causes osquery to hang

aby · Answer

Basically any query `SELECT FROM osquery info ` amp it starts back up after agent restart I have enabled verbose logging right now and it s working for far I will keep on monitoring

theopolis · Answer

I would like to release 4 6 to the repos Any confidence that this only effects 4 6

zwass · Answer

FWIW I m unable to reproduce this with osquery 4 6 0 running in a centos 7 9 container I ve run a dozen or so live queries over the course of half an hour and seen no issues < aby> have you been able to reproduce it with the verbose logging

zwass · Answer

cc < seph>