We are facing issue on MAC with OSQuery agent 4.x,...
# macos
p
We are facing an issue on Mac with OSQuery agent 4.x. It is not returning any values for cmdline. I saw an open issue for Windows, where the Windows agent is not able to grasp cmdline from PPL. Does this issue exist in the Mac agent too? Could you please let me know the root cause of this issue? Is there any workaround to fix this issue?
osquery> select pid, name, start_time, cmdline from processes Limit 15;
+-----+----------------+------------+---------+
| pid | name           | start_time | cmdline |
+-----+----------------+------------+---------+
| 0   | kernel_task    | 1584971117 |         |
| 1   | launchd        | 1584971117 |         |
| 42  | syslogd        | 1584971127 |         |
| 43  | UserEventAgent | 1584971127 |         |
| 45  | sh             | 1584971127 |         |
| 47  | uninstalled    | 1584971127 |         |
| 48  | kextd          | 1584971127 |         |
| 49  | fseventsd      | 1584971127 |         |
| 51  | jamf           | 1584971127 |         |
| 52  | vpnagentd      | 1584971127 |         |
| 57  | appleeventsd   | 1584971127 |         |
| 58  | systemstats    | 1584971127 |         |
| 60  | configd        | 1584971127 |         |
| 62  | ciscod         | 1584971127 |         |
| 63  | powerd         | 1584971127 |         |
+-----+----------------+------------+---------+
s
Please keep questions to a single channel. It's mostly all the same people; pick whichever one you think is appropriate.
p
ok