https://github.com/osquery/osquery logo
Join Slack
Powered by
Anyone around help with Kolide with Windows or am ...
# kolide
g
Anyone around help with Kolide with Windows or am I in wrong channel again, I been asking question for like a week now and no luv
z
If you ask your question we can try to help you. I see now that you replied a couple days after my last reply with the actual question so I can reply on that thread or you can start a new one.
g
you told me to ask my question Kolide, I do not know how to use slack so if it can be answered here that would work?
z
Is your question how to run Launcher as a service?
g
It could be I have an entire miss understanding, ill try to explain and maybe it makes since to you.
👍 1
Im using Windows, I can get the host to sync with the Fleet on the ubuntu system just fine, no error I see it in Fleet etc, but when the cmd prompt closes the host falls out of Fleet
So, one time you suggest I need to launch it as a service
So I tried last few days to get it to run with osqueryd
here is cmd line I used
z
Typically anything you run on the cmd line will exit when you close the command line. So you'll need to run it as a service.
g
When I look at the traffic in wireshark, it appears that the Fleet is responding to my windows host, but the Host will never show up in Fleet
z
If you run that command not as a service, does it work?
g
from what I can remember when I just run it as osqueryd it would only accept osquery secret and the hostname, my command line would never accept me pointing it to the flags file
z
We always advise testing connecting osqueryd or Launcher to Fleet manually before trying to create a service. Have you connected it successfully manually ever?
g
only successful with Launcher never with osqueryd which is why its confusing
my thought was it was the exact same command line from launcher, then just simply replace with osqueryd but never had success, but then again I don't know if that is true
z
That will certainly not work
g
good to know
z
Osquery requires many more flags than what Launcher does
Which is part of the reason Launcher exists
g
ah
z
If you can make Launcher run successfully, why not run that as a service?
g
I have no idea how any help be great, im not a computer guy im trying to get this settup for my 14 who loves computers
im just trying my best to be a good dad, but no idea what im doing
if you have a example screen shot to run launcher as a service, i be glad give that a shot
z
Your sc.exe command may work if you just replace all the osqueryd arguments with the Launcher arguments.
g
great good to know, ill give that a try at the house, I took that right off the website docs, but simply exchange that info with the launcher.exe instead of osqueryd
appreciated
z
You will want to use the full command line that you use to successfully start Launcher
g
great I will give it a try after work thanks
z
Good luck!
g
ty
Hmm the service created fine but will not start
Open in Slack
PreviousNext
Powered by