Title
#kolide
s

seph

09/12/2019, 2:01 PM
Extension socket not available
is about failing to launch osquery and communicate with it. It is unrelated to the server.
p

Pedro

09/12/2019, 5:55 PM
@seph do you have any idea for possible troobleshooting? I can use osqueryd without any problem, hence don understand why is failing with the launcher.
s

seph

09/12/2019, 5:56 PM
I’m not sure. You said you ran this with -debug. Can you upload the full logs?
p

Pedro

09/13/2019, 12:03 PM
here it goes. I substitute the ip address and key with xxx. I have run and executed the same command on other Macs and it has worked successfully. Hence, this is happenning only on my machine. Before I can deploy to multiple machines would be great to understand why this is happening here. Logs seemed confusing but related with "cannot open a socket", I tried with sudo as well.
s

seph

09/13/2019, 1:45 PM
I’m not sure it’s the problem, but I see that your port is
:8080
, which implies http to me. But launcher is going to default to TLS connections. Is that a TLS port?
1:47 PM
Error seems wrong though. I think you’d get a really clear TLS failure if that was it
1:50 PM
Starting at that more, there’s an error there from osquery itself. I’m not sure what’s up with that.
1:51 PM
Is there anything odd on this mac? Out of disk space? Process restrictions? In need of rebooting? (I’m grasping at straws)
p

Pedro

09/13/2019, 2:22 PM
I am running TLS with 8080 but self signed cert
2:23 PM
I used now packaged builder and installed via that and it work now. So packagebuilder was the saviour
s

seph

09/13/2019, 2:23 PM
I’m glad it worked 😃
2:23 PM
Though I don’t understand what the original issue was.
p

Pedro

09/13/2019, 2:39 PM
me neither the manual execution on other macs worked perfectly
2:41 PM
just one final question and (really appreciated your help) on the sensor side I do not need to explicit state that I want to use a secure connection right? At server side I am enforcing a self signed certificate (tls) for now as a test. Of course I run the flag --insecure on the sensor due to that. Am I thinking right? plus I did some wireshark analysis can't see clear text flowing between the endpoint and this server
s

seph

09/13/2019, 2:42 PM
Correct. launcher defaults to using secure transports and verified certs.
--insecure
allows unverified certs.
--insecure_transport
disables TLS. See
--dev_help
for the options
p

Pedro

09/13/2019, 4:00 PM
perfect is running like a charm. I will double check that. One thing I don't find in the launcher (package-builder) is the help for the flag -targets if I want to do a windows or linux package (and not pkg for macos) can you point me out on the please do read about it. thanks for all the help
s

seph

09/13/2019, 4:02 PM
Targets are
platform-init-packaging
triples. linux is going to be something like
linux-systemd-deb
windows is going to be
windows-service-msi
.
4:02 PM
(from memory, you’d need to dig through the code to find the full list)
4:03 PM
p

Pedro

09/13/2019, 7:06 PM
👍 awesome will do that