#kolide

zwass

01/26/2021, 4:58 PM
Am I correct to interpret that Launcher does not transmit the error message as part of distributed query results? It looks like it uses this type (https://github.com/osquery/osquery-go/blob/master/plugin/distributed/distributed.go#L40-L48) which does not have the error message.

terracatta

01/26/2021, 5:10 PM
Yes, that is correct.
Our product pulls all messages out of the status log and aligns them with the live queries across all devices.
Having them in the live query response would be great, but we need to read the status log anyway for other reasons during the LQ processing so even if we added it, it wouldn't change the code too much on our side.

zwass

01/26/2021, 5:23 PM
Got it. Thank you.

terracatta

01/26/2021, 5:45 PM
yw, zach. If you plan on submitting a PR to improve it and want to discuss the particulars, happy to do so.

zwass

01/26/2021, 5:49 PM
Kk will do. I'm not sure how much work it would be to expose it from there. I'll file an issue to discuss if we decide to try to tackle it. Thanks!

seph

01/26/2021, 6:15 PM
I’ve been meaning to revisit that after the error message got added to osquery. But it hasn’t bubbled up. Ideas welcome 🙂