https://github.com/osquery/osquery logo
Powered by
#eclecticiq-polylogyx-extension
Title
# eclecticiq-polylogyx-extension
y

YehonatanShami

04/30/2019, 12:44 PM
And has anyone experienced the extension crashing with error
Copy code
Extension respawning too quickly: C:\ProgramData\osquery\plgx_win_extension.ext.exe
Created and monitoring child (20340): C:\ProgramData\osquery\plgx_win_extension.ext.exe
Refusing to reister duplicate extension plgx_win_extension
Duplicate extension registered
Then the extension re-initializes
o

OpenPlgx

04/30/2019, 12:55 PM
curious to know more on this. Anything specific that you can recall which led to this state?
y

YehonatanShami

04/30/2019, 2:10 PM
Not yet, only that it happends both with osqueryd and osqueryi after running for a certain amount of time, only that osqueryd doesn't reload the extension
Any news about this?
m

manu

05/13/2019, 7:59 AM
running osqueryd and osqueryi with config to launch the plgx extension, is not supported. as only 1 instance of the extn process can be executing at anytime and that is detected and flagged.
If one needs to have a shell for testing/experimentation then 
c:\ProgramData\osquery\osqueryd\osqueryd.exe -S --flagfile=C:\ProgramData\osquery\osquery.flags
this could be handy.
as the default installation and use case for launching and monitoring would be running in daemon mode (service)
8 Views
Powered by