Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
f
Fran Rodríguez
06/18/2020, 4:08 PMHi someone know what this means:
I0618 16:07:50.096029 13511 auditdnetlink.cpp:616] Failed to acquire the netlink handles
sundsta
06/18/2020, 4:09 PMUsually it means osqueryd doesn’t have the permissions required to modify the audit settings (EG: not running as root or not having
CAP_AUDIT_CONTROLThe lines preceding that should give you more info
f
Fran Rodríguez
06/18/2020, 4:12 PM👌
It is running as a root
i see your ticket https://github.com/osquery/osquery/issues/6121
but im running osquery as root
this is ubuntu 16.04