JB
01/16/2019, 4:25 PM
Hostname:osquery root# sudo osqueryctl start --config_path=/var/osquery/osquery.conf
I0116 16:22:03.214370 2890367872 database.cpp:564] Checking database version for migration
Error reading config: Error parsing the config JSON
This is my osquery.conf:
Hostname:osquery root# cat osquery.conf
# osquery configuration as pasted in the question. Lines starting with "#" are comments.
{
"options": {
# NOTE(review): config_plugin normally names a plugin (the default is "filesystem"),
# not a file path; the path to this file is passed separately with --config_path. Confirm.
"config_plugin": "/var/osquery/osquery.conf",
# Result and status logs go to files under logger_path.
"logger_plugin": "filesystem",
"logger_path": "/var/log/osquery",
"disable_logging": "false",
"schedule_splay_percent": "10",
"database_path": "/var/osquery/osquery.db",
#"disable_tables": "foo_bar,time",
"utc": "true"
},
# Scheduled queries; each "interval" is presumably in seconds (3600 and 60 here) - confirm.
"schedule": {
"system_info": {
"query": "SELECT hostname, cpu_brand, physical_memory FROM system_info;",
"interval": 3600
},
"usb_devices": {
"query": "SELECT vendor, model FROM usb_devices;",
"interval": 60
}
},
# Decorator queries under "load": host UUID and the most recently logged-in user.
"decorators": {
"load": [
"SELECT uuid AS host_uuid FROM system_info;",
"SELECT user AS username FROM logged_in_users ORDER BY time DESC LIMIT 1;"
]
},
# Default pack locations per install type:
# Linux: /usr/share/osquery/packs
# OS X: /var/osquery/packs
# Homebrew: /usr/local/share/osquery/packs
# make install: {PREFIX}/share/osquery/packs
# Every pack entry below is commented out, so "packs" is an empty object and none of
# the listed packs (incident-response, osx-attacks, ossec-rootkit, ...) is loaded.
"packs": {
# "osquery-monitoring": "/usr/share/osquery/packs/osquery-monitoring.conf",
# "incident-response": "/usr/share/osquery/packs/incident-response.conf",
# "it-compliance": "/usr/share/osquery/packs/it-compliance.conf",
# "osx-attacks": "/usr/share/osquery/packs/osx-attacks.conf",
# "vuln-management": "/usr/share/osquery/packs/vuln-management.conf",
# "hardware-monitoring": "/usr/share/osquery/packs/hardware-monitoring.conf",
# "ossec-rootkit": "/usr/share/osquery/packs/ossec-rootkit.conf",
# "windows-hardening": "C:\\ProgramData\\osquery\\packs\\windows-hardening.conf",
# "windows-attacks": "C:\\ProgramData\\osquery\\packs\\windows-attacks.conf"
# NOTE(review): the "}," on the next line leaves a trailing comma before the final "}".
# JSON does not allow a trailing comma; this is the likely cause of
# "Error parsing the config JSON". Removing that comma should let the file parse.
},
}
Any ideas?
Alan
01/17/2019, 6:44 PM
JB
02/06/2019, 12:36 PM