Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
j
JB
01/16/2019, 4:25 PMso I’m trying to start the daemon on my MacOS:
Hostname:osquery root# sudo osqueryctl start --config_path=/var/osquery/osquery.conf
I0116 16:22:03.214370 2890367872 database.cpp:564] Checking database version for migration
Error reading config: Error parsing the config JSONHostname:osquery root# cat osquery.conf
{
"options": {
"config_plugin": "/var/osquery/osquery.conf",
"logger_plugin": "filesystem",
"logger_path": "/var/log/osquery",
"disable_logging": "false",
"schedule_splay_percent": "10",
"database_path": "/var/osquery/osquery.db",
#"disable_tables": "foo_bar,time",
"utc": "true"
},
"schedule": {
"system_info": {
"query": "SELECT hostname, cpu_brand, physical_memory FROM system_info;",
"interval": 3600
},
"usb_devices": {
"query": "SELECT vendor, model FROM usb_devices;",
"interval": 60
}
},
"decorators": {
"load": [
"SELECT uuid AS host_uuid FROM system_info;",
"SELECT user AS username FROM logged_in_users ORDER BY time DESC LIMIT 1;"
]
},
# Linux: /usr/share/osquery/packs
# OS X: /var/osquery/packs
# Homebrew: /usr/local/share/osquery/packs
# make install: {PREFIX}/share/osquery/packs
"packs": {
# "osquery-monitoring": "/usr/share/osquery/packs/osquery-monitoring.conf",
# "incident-response": "/usr/share/osquery/packs/incident-response.conf",
# "it-compliance": "/usr/share/osquery/packs/it-compliance.conf",
# "osx-attacks": "/usr/share/osquery/packs/osx-attacks.conf",
# "vuln-management": "/usr/share/osquery/packs/vuln-management.conf",
# "hardware-monitoring": "/usr/share/osquery/packs/hardware-monitoring.conf",
# "ossec-rootkit": "/usr/share/osquery/packs/ossec-rootkit.conf",
# "windows-hardening": "C:\\ProgramData\\osquery\\packs\\windows-hardening.conf",
# "windows-attacks": "C:\\ProgramData\\osquery\\packs\\windows-attacks.conf"
},
}a
Alan
01/17/2019, 6:44 PMI suspect its you last ,
change this
attacks.conf"
},
}
to this
attacks.conf"
}
}
that will make it valid json
j
JB
02/06/2019, 12:36 PMgot it all working…thanks @Alan