those errors are rare but You most likely have somethi

Question

< p2> those errors are rare but You most likely have something turning on events if you re on Linux then a ` etc osquery osquery flags` or ` etc osquery osquery flags default` with a ` nodisable events` or ` disable events=false` will enable the event publishers for the shell A config could also turn them on ` config dump` will write the config JSON Next why are the events failing Those are all `pipe` based to some API that is privileged on the OS so you could be running as a restricted user or have cgroups limiting the binary s permissions

cc · Answer

Saw exactly the same error Stuck for a couple of days and finally figured out what was wrong The issue is I have `auditd` running on my centos7 server as well which steals all the events need to be sent to osquery After I disabled `auditd` everything works properly I know this is old but still wanna leave a message here in case anybody else has the same issue