Hello I m trying to run a couple differential packs in fleet

Question

Hello I m trying to run a couple differential packs in fleet and one of them is always returning with epoch and counter set to 0 could anyone take a look Details in thread please let me know if there s a more appropriate place to put this github diff slack channel etc

ccombs · Answer

These are the queries contained in the pack that does seem to have counter properly incrementing `select name publisher type subscriptions events active from osquery events ` `select i p resident size p user time p system time time minutes as counter from osquery info i processes p time where p pid = i pid ` `select name interval executions output size wall time user time executions as avg user time system time executions as avg system time average memory last executed from osquery schedule ` `select osquery version from osquery info osquery ` this one is a snapshot so no diff The other pack always has both epoch and counter set to 0 This is the only query it contains `SELECT FROM crontab` My fleetdm version is 3 6 0 My osqueryd version is 3 2 6 Let me know if there are any other details I can provide that would be helpful Sorry I ve been asking so many questions lately my goal is to start contributing to this project but I ve never contributed to open source before slightly smiling face

zwass · Answer

We are here for questions slightly smiling face Can you run osqueryd with ` verbose tls dump` and see whether osquery is writing logs with values you expect We want to try to isolate the issue to Fleet or osquery

ccombs · Answer

After testing the issue on a single machine it does seem to be working properly I m going to try to isolate the issue a little better on other machines which are having issues I ll update this thread if I find something useful