Also, does the watchdog only keeps the service in ...
# generala
AoS
07/02/2019, 11:47 AMAlso, does the watchdog only keeps the service in check as far as CPU and RAM or is it also supposed to reinitialize it when the process is down?
p
packetzero
07/02/2019, 4:41 PMwatchdog run in separate process. So if CPU and RAM of the child process are over limit for 12 seconds or so, watchdog will kill the child process. So yes, the resource usage goes away, but so does the process. Watchdog will restart another child process. Usually, if the child process was executing a query when killed, that query gets blacklisted for 24-hours... and the logging does not make that clear.
a
AoS
07/03/2019, 8:05 AMIn a case where the process was terminated not by the watchdog, will it restart a new child process?
AoS
07/03/2019, 8:25 AMand is there a way to know if an osqueryd process is the watchdog or process itself?
p
packetzero
07/03/2019, 2:19 PMwhich is watchdog? the parent process. You can also look at memory usage... usually less for watchdog.
Will it restart the child? yes
a
AoS
07/07/2019, 10:52 AMGreat, thanks
2 Views