https://github.com/osquery/osquery logo
Join Slack
Powered by
Hello everyone! I seem to have problem with `syslo...
# general
l
Hello everyone! I seem to have problem with 
syslog
table not being populated. I followed steps in issue #1964 and i can see 
logger
output in 
cat
. My version is 3.3.2 (from apt get) Here is the snippet:
z
Have you tried the debugging steps here? https://github.com/facebook/osquery/issues/1964
l
Yep, i did. There are no errors in verbose mode output. 
rsyslogd
is able to write to the pipe (i saw logger output in another shell with cat) What would you recommend to try next?
z
Is anything else listening to the pipe? 
cat
in another shell? Another osquery process?
y
I've got the same issue. No other processes apart of 
osqueyi
and 
rsyslogd
are listening to the pipe but 
select * from syslog_events
returns nothing. If I cat the pipe its' output is not empty though.
syslog_pipe.txt
l
@zwass so, if i get things right issue #4810 is where the problem was discovered. Do you think we can fix this issue by applying commit #5232 to the current state?
z
It seems some folks are having success by patching the code. I would give #5232 a shot.
3 Views
Open in Slack
PreviousNext
Powered by