https://github.com/osquery/osquery logo
Join Slack
Powered by
`Extension socket not available` is about failing ...
# kolide
s
Extension socket not available
is about failing to launch osquery and communicate with it. It is unrelated to the server.
p
@seph do you have any idea for possible troobleshooting? I can use osqueryd without any problem, hence don understand why is failing with the launcher.
s
I’m not sure. You said you ran this with -debug. Can you upload the full logs?
p
here it goes. I substitute the ip address and key with xxx. I have run and executed the same command on other Macs and it has worked successfully. Hence, this is happenning only on my machine. Before I can deploy to multiple machines would be great to understand why this is happening here. Logs seemed confusing but related with "cannot open a socket", I tried with sudo as well.
troobleshoot.txt
s
I’m not sure it’s the problem, but I see that your port is 
:8080
, which implies http to me. But launcher is going to default to TLS connections. Is that a TLS port?
Error seems wrong though. I think you’d get a really clear TLS failure if that was it
Starting at that more, there’s an error there from osquery itself. I’m not sure what’s up with that.
Is there anything odd on this mac? Out of disk space? Process restrictions? In need of rebooting? (I’m grasping at straws)
p
I am running TLS with 8080 but self signed cert
I used now packaged builder and installed via that and it work now. So packagebuilder was the saviour
s
I’m glad it worked 😃
👍 1
Though I don’t understand what the original issue was.
p
me neither the manual execution on other macs worked perfectly
just one final question and (really appreciated your help) on the sensor side I do not need to explicit state that I want to use a secure connection right? At server side I am enforcing a self signed certificate (tls) for now as a test. Of course I run the flag --insecure on the sensor due to that. Am I thinking right? plus I did some wireshark analysis can't see clear text flowing between the endpoint and this server
s
Correct. launcher defaults to using secure transports and verified certs. 
--insecure
allows unverified certs. 
--insecure_transport
disables TLS. See 
--dev_help
for the options
p
perfect is running like a charm. I will double check that. One thing I don't find in the launcher (package-builder) is the help for the flag -targets if I want to do a windows or linux package (and not pkg for macos) can you point me out on the please do read about it. thanks for all the help
s
Targets are 
platform-init-packaging
triples. linux is going to be something like 
linux-systemd-deb
windows is going to be 
windows-service-msi
.
(from memory, you’d need to dig through the code to find the full list)
p
👍 awesome will do that
4 Views
Open in Slack
PreviousNext
Powered by