Has anyone had a host just not pickup a query pack...
# fleetm
Mystery Incorporated
10/18/2021, 2:22 PMHas anyone had a host just not pickup a query pack? So like it's been assigned into the MS Windows label, but it's not being given the query pack for windows hosts...
t
Tomas Touceda
10/18/2021, 2:46 PMare you running osqueryd with
--versbose --tls_dumpm
Mystery Incorporated
10/18/2021, 3:19 PMI fixed it, it seems that some how the host thought it had both osquery 4.9 and 5.0.1 installed at the same time, dunno why
Mystery Incorporated
10/18/2021, 3:19 PMBut it caused big problems, it was reporting osquery as a no binary on disk process, wouldn't get assigned a pack etc, anyway I totally scrubbed osquery and reinstalled it and that fixed it
Mystery Incorporated
10/18/2021, 3:20 PMoh and I purged the software, software_cpe and software_cve tables in the db
t
Tomas Touceda
10/18/2021, 3:54 PMglad you figured it out!
5 Views