Actually now I realize I'm using fleet instead of the local filesystem for conf - that must be the issue?

Now I switched to local filesystem conf, at first my config wouldn't parse due to clumsy edits - but new tables were working via direct queries from fleet. Now that I've gotten the config fixed I get this error:

E0501 11:02:56.950307  8236 init.cpp:593] Cannot activate filesystem logger plugin: Could not create file: \ProgramData\osquery\log\osqueryd.results.log

. Guessing this is due to also using Fleet TLS for logging - maybe using fleet along with this extension isn't really going to work? Does the extension depend on using the local filesystem plugins for config and logging?

can you please check if not then create the folder manually

also make sure that you are running osquery

3.2.6

this is a sample config for local filesystem https://github.com/polylogyx/osq-ext-bin/blob/master/osquery.flags

infact when u would be running and switch between shell and as a service u would be facing permission for db, that's very common in the beginning too.

the soln to that prob is to either point to a diff db in ur flagsfile or takeownership of the folder or remove it altogether, if u r just experimenting.