Hi There,
When I execute "windows_security_product...
# generale
ET
12/20/2020, 4:21 PMHi There,
When I execute "windows_security_products" or "windows_security_center" table on windows server I got "error" values or nothing because the WSCAPI.dll is not present on Windows Server.
I got exit code 0 (success) in both cases, Why in such a situation do I not get a exit code 1 or something (failure)?
t
terracatta
12/20/2020, 4:24 PM
Hi @ET neither of these tables work on Windows Server. We aren't sure why Microsoft does not allow this API on that specific platform. Even copying the DLL from a normal Windows 10 computer does not work.
terracatta
12/20/2020, 4:25 PM
As for the exit code, I do not believe osquery will return a non-zero exit code for en errored query when the query is specified on the commany line
terracatta
12/20/2020, 4:25 PM
Although I agree that is a good idea
e
ET
12/20/2020, 4:40 PMThanks @terracatta !
For example - If the table is not exists I got exit code 1
Copy code
Error: no such table: windows_security_productssssss
EXIT_CODE: 1ET
12/20/2020, 4:41 PMSo I got non-zero exit code when the query is specified on the command line
t
terracatta
12/20/2020, 4:41 PM
Yeah it is definitely inconsistent. In this case you have a SQLite error, but in the case of the windows table, no error is thrown and instead a warning is logged and the table returns no results.
terracatta
12/20/2020, 4:42 PM
There are a number of tables in osquery that will return 0 results when something goes wrong under the hood like tha
terracatta
12/20/2020, 4:42 PM
I agree though that in an ideal world this specific problem would produce a more explicit error
terracatta
12/20/2020, 4:42 PM
vs a silent warning
e
ET
12/20/2020, 4:43 PMOh okay, now I understand your intent, thanks again