#general

Yassine CHAOUCHE

07/20/2022, 12:54 PM
root#ychaouche-PC  13:53:10 ~ # osqueryd --verbose
I0720 13:53:31.541921 24652 init.cpp:363] osquery initialized [version=5.3.0]
I0720 13:53:31.542140 24652 system.cpp:390] Writing osqueryd pid (24652) to /var/run/osqueryd.pidfile
I0720 13:53:31.542264 24652 extensions.cpp:453] Could not autoload extensions: Cannot open file for reading: /etc/osquery/extensions.load
I0720 13:53:31.542379 24652 dispatcher.cpp:78] Adding new service: WatcherRunner (0x560368cffa18) to thread: 139940879791872 (0x560368c985a0) in process 24652
I0720 13:53:31.543812 24653 watcher.cpp:674] osqueryd watcher (24652) executing worker (24654)
I0720 13:53:31.557133 24654 init.cpp:360] osquery worker initialized [watcher=24652]
I0720 13:53:31.557353 24654 dispatcher.cpp:78] Adding new service: WatcherWatcherRunner (0x55910dd436c8) to thread: 140281252464384 (0x55910dd4c9b0) in process 24654
I0720 13:53:31.557462 24654 rocksdb.cpp:132] Opening RocksDB handle: /var/osquery/osquery.db
I0720 13:53:32.138518 24654 dispatcher.cpp:78] Adding new service: ExtensionWatcher (0x55910de2ccd8) to thread: 140280602814208 (0x55910dd58360) in process 24654
I0720 13:53:32.138625 24654 dispatcher.cpp:78] Adding new service: ExtensionRunnerCore (0x55910de042a8) to thread: 140280611206912 (0x55910dd58340) in process 24654
I0720 13:53:32.138716 24654 auto_constructed_tables.cpp:99] Removing stale ATC entries
I0720 13:53:32.138722 24768 interface.cpp:299] Extension manager service starting: /var/osquery/osquery.em
I0720 13:53:32.169941 24654 eventfactory.cpp:156] Event publisher not enabled: BPFEventPublisher: Publisher disabled via configuration
I0720 13:53:32.170172 24654 eventfactory.cpp:156] Event publisher not enabled: auditeventpublisher: Publisher disabled via configuration
I0720 13:53:32.170205 24654 eventfactory.cpp:156] Event publisher not enabled: inotify: Publisher disabled via configuration
I0720 13:53:32.170230 24654 eventfactory.cpp:156] Event publisher not enabled: syslog: Publisher disabled via configuration
I0720 13:53:32.183421 24654 events.cpp:70] Skipping subscriber: apparmor_events: Subscriber disabled via configuration
I0720 13:53:32.197979 24654 eventsubscriberplugin.cpp:492] Found 1 events for subscriber udev.hardware_events
I0720 13:53:32.231513 24654 eventsubscriberplugin.cpp:492] Found 759 events for subscriber auditeventpublisher.process_events
I0720 13:53:32.231659 24654 events.cpp:70] Skipping subscriber: process_file_events: Subscriber disabled via configuration
I0720 13:53:32.232661 24654 events.cpp:70] Skipping subscriber: seccomp_events: Seccomp subscriber disabled via configuration
I0720 13:53:32.233608 24654 events.cpp:70] Skipping subscriber: selinux_events: Subscriber disabled via configuration
I0720 13:53:32.246840 24654 eventsubscriberplugin.cpp:492] Found 1008 events for subscriber auditeventpublisher.socket_events
I0720 13:53:32.246949 24654 events.cpp:70] Skipping subscriber: socket_events: Subscriber disabled via configuration
I0720 13:53:32.249785 24654 eventsubscriberplugin.cpp:492] Found 110 events for subscriber auditeventpublisher.user_events
I0720 13:53:32.298410 24654 main.cpp:104] Not starting the distributed query service: Distributed query service not enabled.
I0720 13:53:32.298446 24769 eventfactory.cpp:390] Starting event publisher run loop: udev
I0720 13:53:32.298477 24654 dispatcher.cpp:78] Adding new service: SchedulerRunner (0x55910df6a828) to thread: 140281139685120 (0x55910e01aa20) in process 24654
I0720 13:53:41.300858 24770 scheduler.cpp:119] Executing scheduled query net.connexions: SELECT action, cmdline, socket_events.status, remote_address, remote_port, local_port, datetime(socket_events.time,'unixepoch') as time, socket_events.time as epoch FROM socket_events JOIN process_events ON socket_events.pid = process_events.pid WHERE remote_address NOT IN ('127.0.0.1');