As soon as I change it back to the original, it st...
# generalz
zen
01/08/2019, 1:21 AMAs soon as I change it back to the original, it stops working.
p
packetzero
01/08/2019, 1:33 AMcheck all your config and packs for same name? Maybe it's defined elsewhere and it's overriding it.
z
zwass
01/08/2019, 1:44 AM
Also, is it running in differential or snapshot mode? If it's running in differential mode you should expect to only see each result logged once.
z
zen
01/08/2019, 1:50 AMI actually only have that one running to narrow it down, so I don't think it's a name collision.
zen
01/08/2019, 1:50 AMIt's differential but it stops completely. When I change the query name, it behaves the way I'd expect (there are new network connections often).
zen
01/08/2019, 1:51 AMI even changed the database_path (and restarted osqueryd) and it still doesn't work.
zen
01/08/2019, 1:51 AMIs there any state stored outside of the DB?
z
zwass
01/08/2019, 1:55 AM
There should not be any state stored outside the DB.
2 Views