Nebula fails if osquery is not able to run a query
In Ubuntu 14, osquery fails when it tries to execute the following query:
- query_name: deb_packages
  query: SELECT t.unix_time AS query_time, deb.name, deb.version, deb.revision, deb.source AS package_source, deb.size, deb.arch FROM deb_packages AS deb JOIN time AS t;
I get the following error if I try to run this query manually using osqueryi:
osquery: error: failed to open package info file ‘/var/lib/dpkg//status’ for reading: Permission denied
terminate called without an active exception
Segmentation fault
The result object returned to the nebula module does not contain any 'data' key, so the code fails and logs are not pushed for the whole group of nebula queries. Logs:
2017-09-26 20:15:08 [hubblestack.daemon][ERROR ] Error executing schedule
Traceback (most recent call last):
  File "hubblestack/daemon.py", line 94, in main
  File "hubblestack/daemon.py", line 209, in schedule
  File "/opt/hubble/hubble-libs/hubblestack/extmods/modules/nebula_osquery.py", line 202, in queries
    for result in query_ret['data']:
KeyError: 'data'
Issue Analytics
- Created 6 years ago
- Comments: 8 (5 by maintainers)
Top GitHub Comments
Even if we fix the original error in the query, nebula should not fail so hard, so I’ll leave this open either way.
(The git issue is separate and should be in a separate issue)
Glad the new version of osquery helped. I still want to fix the underlying hard fail, so this isn’t as much of an issue in the future.
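
The hard fail discussed in this thread, handled per query instead of per group, as an added example that is not part of the issue and is not the project's code. `collect_query_results`, `run_query`, `fake_run_query` and the `error` result key are hypothetical names; the sample queries and results are constructed.

```python
import logging

log = logging.getLogger("nebula_example")


def collect_query_results(queries, run_query):
    """Run a group of queries; a failed query is recorded, not fatal.

    run_query is a hypothetical callable(sql) -> dict standing in for the
    osquery invocation. The 'error' key is an assumed field name.
    """
    collected, failed = [], []
    for q in queries:
        name = q.get("query_name", "<unnamed>")
        try:
            ret = run_query(q["query"])
        except Exception as exc:  # e.g. the osquery process crashed
            ret = {"error": str(exc)}
        rows = ret.get("data") if isinstance(ret, dict) else None
        if not isinstance(rows, list):
            # The case in the traceback above: the result has no 'data' key.
            if isinstance(ret, dict):
                reason = ret.get("error", "no 'data' key")
            else:
                reason = "malformed result"
            log.error("query %s failed: %s", name, reason)
            # Keep the failure so the telemetry gap is visible downstream.
            failed.append({"query_name": name, "error": reason})
            continue
        collected.append({"query_name": name, "data": rows})
    return collected, failed


# Constructed sample input: two scheduled queries and a fake runner.
SAMPLE_QUERIES = [
    {"query_name": "deb_packages", "query": "SELECT name FROM deb_packages;"},
    {"query_name": "uptime", "query": "SELECT total_seconds FROM uptime;"},
]


def fake_run_query(sql):
    if "deb_packages" in sql:
        return {"result": False, "error": "Permission denied"}  # no 'data'
    return {"result": True, "data": [{"total_seconds": "1234"}]}


if __name__ == "__main__":
    ok, bad = collect_query_results(SAMPLE_QUERIES, fake_run_query)
    print(ok)
    print(bad)
```

Shipping the `failed` list alongside the collected rows lets a missing data source show up as an event rather than as silence.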