I ran into a problem earlier today running this query from akamai https://www.akamai.com/blog/security-research/openssl-vulnerability-how-to-effectively-prepare#:~:text=vendors%20as%20we[…]ow%3F,-While%20there%20is to find vulnerable openssl versions on osquery 4.8.0 causing all of the servers queried to use large amounts of memory that was not released till the server was restarted. I'm trying to figure out if the osquery watchdog process is enabled by default and if it just failed to terminate the process? Or is watchdog something that has to be enabled. Also i think this yara bug was fixed in 5.4.0 which I need to upgrade to. Mainly just trying to figure out the root cause.

The watchdog is enabled by default, you will have to use the flag

--disable_watchdog=true

to disable completely, although it is recommended to just set the level to

-1

with the flag

--watchdog_level=-1

@javuto I wanted the watchdog to kill the process. It failed to do that which caused out of memory issues on the servers osquery was running on =/ I will upgrade the clients though.