@p2 those errors are rare, but! You most likely have something turning on events, if you're on Linux then a

/etc/osquery/osquery.flags

or

/etc/osquery/osquery.flags.default

with a

--nodisable_events

or

--disable_events=false

will enable the event publishers for the shell. A config could also turn them on,

--config_dump

will write the config JSON. Next, why are the events failing? Those are all

pipe

-based to some API that is privileged on the OS, so you could be running as a restricted user, or have cgroups limiting the binary's permissions?

Saw exactly the same error. Stuck for a couple of days and finally figured out what was wrong. The issue is I have

auditd

running on my centos7 server as well, which steals all the events need to be sent to osquery. After I disabled

auditd

, everything works properly. I know this is old, but still wanna leave a message here in case anybody else has the same issue.