Are you using evented tables on Windows?
# generala
alessandrogario
06/24/2019, 8:18 AM
Are you using evented tables on Windows?
p
Prakhar
06/24/2019, 9:07 AMHi,
Yes, I have configured just one event based table - ‘powershell_events’. Although I don’t expect any such events simply coz it’s a test machine and there’s no process/user generating such events.
a
alessandrogario
06/24/2019, 9:08 AM
I see; are you using an old database? Can you restart it again with --verbose and see if it prints anything?
p
Prakhar
06/24/2019, 9:15 AMI did not tweak the default database path , I guess it should be in ’C:\ProgramData\osquery\…’. Just before installing 3.4.0 , v3.3.2 osquery was running on that machine. I didn’t want to restart it coz I want to understand the root cause otherwise I might encounter this issue again in future.
I’ve configured it as a service manually and executable is placed in a custom directory.
Prakhar
06/24/2019, 9:15 AMDo you think it might be the issue due to old database files ?
a
alessandrogario
06/24/2019, 9:16 AM
I really don’t know, I was just wondering
p
Prakhar
06/24/2019, 10:27 AMok 🙂