Hello everyone. I downloaded test malware files from 'theZoo' repository, and made YARA signatures for them. Now, when I am trying to implement YARA scanning through osquery and Kolide Fleet, it is giving me the following error (picture attached). This error is occuring only when I am trying to search in relatively large directories, else it is working. PS: I have tried increasing watchdog_memory_limit.

Interesting, I can take a look at the potential error when reporting the scheduler run time delta. Though this also may be fixed in a newer osquery version. To help debug the issue causing the scheduler to end, can you re-run with

--verbose

?

How can I update osquery 4.5.1 to 4.6.0? I cannot find any guide to install osquery 4.6.0 as a service.

Can you show us the output of using

--verbose

before upgrading? You can download the newest packages here: https://osquery.io/downloads/official/4.6.0

The query is working sometimes, and sometimes it is returning this error :(( PS: I have used --verbose this time

Is it possible to copy and paste in the entire output?

Are you setting

schedule_timeout

to something that is not 0 in your Fleet configuration?

Yes, what should I make it?

Ah, then I think that is the issue. Keep that 0 unless you are doing something really specialized.