Channels
#kolide
Title
# kolide
g
Gavin Chen
07/01/2019, 7:27 PMAnyone around help with Kolide with Windows or am I in wrong channel again, I been asking question for like a week now and no luv
z
zwass
07/01/2019, 7:28 PM
If you ask your question we can try to help you. I see now that you replied a couple days after my last reply with the actual question so I can reply on that thread or you can start a new one.
g
Gavin Chen
07/01/2019, 7:29 PMyou told me to ask my question Kolide, I do not know how to use slack so if it can be answered here that would work?
z
zwass
07/01/2019, 7:30 PM
Is your question how to run Launcher as a service?
g
Gavin Chen
07/01/2019, 7:30 PMIt could be I have an entire miss understanding, ill try to explain and maybe it makes since to you.
👍 1
Im using Windows, I can get the host to sync with the Fleet on the ubuntu system just fine, no error I see it in Fleet etc, but when the cmd prompt closes the host falls out of Fleet
So, one time you suggest I need to launch it as a service
So I tried last few days to get it to run with osqueryd
here is cmd line I used
z
zwass
07/01/2019, 7:33 PM
Typically anything you run on the cmd line will exit when you close the command line. So you'll need to run it as a service.
g
Gavin Chen
07/01/2019, 7:33 PMWhen I look at the traffic in wireshark, it appears that the Fleet is responding to my windows host, but the Host will never show up in Fleet
z
zwass
07/01/2019, 7:34 PM
If you run that command not as a service, does it work?
g
Gavin Chen
07/01/2019, 7:35 PMfrom what I can remember when I just run it as osqueryd it would only accept osquery secret and the hostname, my command line would never accept me pointing it to the flags file
z
zwass
07/01/2019, 7:36 PM
We always advise testing connecting osqueryd or Launcher to Fleet manually before trying to create a service. Have you connected it successfully manually ever?
g
Gavin Chen
07/01/2019, 7:36 PMonly successful with Launcher never with osqueryd which is why its confusing
my thought was it was the exact same command line from launcher, then just simply replace with osqueryd but never had success, but then again I don't know if that is true
z
zwass
07/01/2019, 7:38 PM
That will certainly not work
g
Gavin Chen
07/01/2019, 7:38 PMgood to know
z
zwass
07/01/2019, 7:38 PM
Osquery requires many more flags than what Launcher does
Which is part of the reason Launcher exists
g
Gavin Chen
07/01/2019, 7:38 PMah
z
zwass
07/01/2019, 7:38 PM
If you can make Launcher run successfully, why not run that as a service?
g
Gavin Chen
07/01/2019, 7:39 PMI have no idea how any help be great, im not a computer guy im trying to get this settup for my 14 who loves computers
im just trying my best to be a good dad, but no idea what im doing
if you have a example screen shot to run launcher as a service, i be glad give that a shot
z
zwass
07/01/2019, 7:43 PM
Your sc.exe command may work if you just replace all the osqueryd arguments with the Launcher arguments.
g
Gavin Chen
07/01/2019, 7:44 PMgreat good to know, ill give that a try at the house, I took that right off the website docs, but simply exchange that info with the launcher.exe instead of osqueryd
appreciated
z
zwass
07/01/2019, 7:45 PM
You will want to use the full command line that you use to successfully start Launcher
g
Gavin Chen
07/01/2019, 7:45 PMgreat I will give it a try after work thanks
z
zwass
07/01/2019, 7:46 PM
Good luck!
g
Gavin Chen
07/01/2019, 7:46 PMty
Hmm the service created fine but will not start