I m trying to troubleshoot where or not osquery is sending i

Question

I m trying to troubleshoot where or not osquery is sending info to a kinesis stream but there doesn t appear to be anything in ` var log osquery` Running the `osqueryd` command with ` ephemeral` doesn t clearly say there is anything wrong but it seems to chock on loading extensions and creating a socket Is that expected behavior

zwass · Answer

That can be expected if the extensions autoload file doesn t exist and or the process doesn t have permissions to create the socket

zwass · Answer

I would try running your exact same osqueryd command with ` verbose` added and see what the output looks like

zwass · Answer

Consider making ` logger plugin=aws kinesis filesystem` so that you get logging also to the filesystem

Zach Zeid · Answer

So that means that an extensions file needs to exist somewhere I don t see a reference inthe docs

zwass · Answer

It doesn t need to you ll just get an error about autoloading extensions if it doesn t

Zach Zeid · Answer

Ok thank you that answers my question