Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
a
AoS
07/02/2019, 11:47 AMAlso, does the watchdog only keeps the service in check as far as CPU and RAM or is it also supposed to reinitialize it when the process is down?
p
packetzero
07/02/2019, 4:41 PMwatchdog run in separate process. So if CPU and RAM of the child process are over limit for 12 seconds or so, watchdog will kill the child process. So yes, the resource usage goes away, but so does the process. Watchdog will restart another child process. Usually, if the child process was executing a query when killed, that query gets blacklisted for 24-hours... and the logging does not make that clear.
a
AoS
07/03/2019, 8:05 AMIn a case where the process was terminated not by the watchdog, will it restart a new child process?
and is there a way to know if an osqueryd process is the watchdog or process itself?
p
packetzero
07/03/2019, 2:19 PMwhich is watchdog? the parent process. You can also look at memory usage... usually less for watchdog.
Will it restart the child? yes
a
AoS
07/07/2019, 10:52 AMGreat, thanks