Hi Fleet peeps I spotted after upgrading to Fleet 4 22 1 tha

Question

Hi Fleet peeps I spotted after upgrading to Fleet 4 22 1 that our custom osquery extension which provides a new virtual table called `de metadata` stopped working in queries where we try to use it we get an error `vtable constructor failed de metadata` Is there a known issue with custom extensions for osquery We re using osquery 5 3 0

Kathy Satterlee · Answer

Hey < Ryan> The osquery logs on your hosts might have some helpful information here about why that extension isn t loading properly Here s a debugging guide for osquery that should be helpful

zwass · Answer

This seems unlikely to be related to the Fleet update Nothing has changed recently about how a live query would be sent to osquery Has anything changed about your osquery version your extension or how you deploy them recently

Ryan · Answer

Hi yeah I wasn t sure if it could be but then I wondered if it was trying to look up metadata about the virtual table but not finding it since the table isn t part of the normal osquery schema

Ryan · Answer

Notably it works if I run `osqueryi` locally on one of the hosts the extension loads and I can query the contents of our new table

Ryan · Answer

Ok so further debugging I don t see any errors logged but during a test on one of the hosts I restarted osqueryd and the custom table is working again now thinking face

Ryan · Answer

very unusual but seems like an osquery issue and nothing to do with Fleet at all so sorry for the false alarm