Hi team, is this normal when you run osquery in Ubuntu

root     23309  0.0  0.4 126996 18400 ?        SNsl Jun11   1:40 /usr/bin/osqueryd --flagfile /etc/osquery/osquery.flags --config_path /etc/osquery/osquery.conf
root     23313  0.0  0.0      0     0 ?        ZNl  Jun11   0:07 [osqueryd] <defunct>

That might happen for a moment, if the watchdog is stopping the watched process. But if it remains defunct for a while that is unexpected.

eii… i got the problem or at least i think, i found that some fim rules didn’t work well like /lib/%%, i had to put just one wildcard