Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
z
zwass
01/26/2021, 4:58 PMAm I correct to interpret that Launcher does not transmit the error message as part of distributed query results? It looks like it uses this type (https://github.com/osquery/osquery-go/blob/master/plugin/distributed/distributed.go#L40-L48) which does not have the error message.
t
terracatta
01/26/2021, 5:10 PMYes that is correct
Our product pulls all messages out of the status log and aligns them with the live queries across all devices
Having them in the live query response would be great, but we need to read the status log anyway for other reasons during the LQ processing so even if we added it, it wouldn't change the code too much on our side.
z
zwass
01/26/2021, 5:23 PMGot it. Thank you.
t
terracatta
01/26/2021, 5:45 PMyw, zach. If you plan on submitting a PR to improve it and want to discuss the particulars, happy to do so.
z
zwass
01/26/2021, 5:49 PMKk will do. I'm not sure how much work it would be to expose it from there. I'll file an issue to discuss if we decide to try to tackle it. Thanks!
s
seph
01/26/2021, 6:15 PMI’ve been meaning to revisit that after the error message got added to osquery. But it hasn’t bubbled up. Ideas welcome 🙂