mcantu 06/29/2022, 10:15 PM
). it had been working fine for a couple years, but i recently started seeing the following in the logs:
i confirmed that the cert has not expired. despite the log line saying that logs were successfully sent, they do not actually end up in aws_firehose. i found this bug, which appears to be related. the bug has been closed, but i guess the fix won’t hit until milestone 5.4.0? while waiting for 5.4.0 to be released, do i need to downgrade to 5.2.3? is there anything else i can do in the meantime?
<snip> aws_util.cpp:223] Exception making HTTP POST request to URL (https://firehose.<region>.amazonaws.com): certificate verify failed
<snip> aws_log_forwarder.h:219] aws_firehose: Successfully sent 1 out of 1 log records
Stefano Bonicatti 06/30/2022, 12:05 PM
mcantu 06/30/2022, 3:33 PM
i ended up blowing away the entire
$ sudo osqueryctl start
I0629 22:22:01.838433 2265 rocksdb.cpp:67] RocksDB: [WARN] [db/db_impl/db_impl_open.cc:1846] Persisting Option File error: OK
I0629 22:22:01.838570 2265 rocksdb.cpp:149] Rocksdb open failed (4:0) Invalid argument: Column families not opened: distributed
I0629 22:22:02.039718 2265 rocksdb.cpp:67] RocksDB: [WARN] [db/db_impl/db_impl_open.cc:1846] Persisting Option File error: OK
I0629 22:22:02.039856 2265 rocksdb.cpp:149] Rocksdb open failed (4:0) Invalid argument: Column families not opened: distributed
<snip>
. then i was able to start osqueryd successfully. is there a better way to resolve the errors above?
$ sudo rm -Rf /var/osquery/osquery.db
? i see on this page that
has a due date of today (June 30). i also see that it’s only 36% complete at the moment. i haven’t really looked at the milestone pages before, so i’m not sure how often milestones are actually released on/around their target date? does the % complete matter, or is the deadline more important?
seph 06/30/2022, 3:53 PM