I installed osquery using:
```
$ brew install osquery
```
Verified it works:
```
$ osqueryi
Using a virtual database. Need help, type '.help'
osquery> select timestamp from time;
+------------------------------+
| timestamp                    |
+------------------------------+
| Mon Apr 17 15:36:50 2023 UTC |
+------------------------------+
```
Copied the code from README:
```python
import osquery

if __name__ == "__main__":
    instance = osquery.SpawnInstance()
    instance.open()
    instance.client.query("select timestamp from time;")
```
When I ran the above code, I got this error:
```
Traceback (most recent call last):
  File "main.py", line 5, in <module>
    instance.open()
  File "./venv/lib/python3.8/site-packages/osquery/management.py", line 137, in open
    raise Exception("Cannot start process from path: %s" % (self.path))
Exception: Cannot start process from path: /usr/local/bin/osqueryd
```
I then noticed that `osqueryi` is simply a symlink to `osqueryd`, which the above is looking for:

```
$ ls -a /usr/local/bin/osqueryi
lrwxr-xr-x 52 root 17 Apr 11:20 /usr/local/bin/osqueryi -> /opt/osquery/lib/osquery.app/Contents/MacOS/osqueryd
```
So I tried this:
```python
import osquery

if __name__ == "__main__":
    instance = osquery.SpawnInstance("/usr/local/bin/osqueryi")
    instance.open()
    instance.client.query("select timestamp from time;")
```
But now I get a different error:
```
Traceback (most recent call last):
  File "./main.py", line 6, in <module>
    instance.client.query("select timestamp from time;")
  File "./venv/lib/python3.8/site-packages/osquery/extensions/ExtensionManager.py", line 181, in query
    self.send_query(sql)
  File "./venv/lib/python3.8/site-packages/osquery/extensions/ExtensionManager.py", line 190, in send_query
    self._oprot.trans.flush()
  File "./venv/lib/python3.8/site-packages/thrift/transport/TTransport.py", line 179, in flush
    self.__trans.write(out)
  File "./venv/lib/python3.8/site-packages/thrift/transport/TSocket.py", line 172, in write
    raise TTransportException(type=TTransportException.NOT_OPEN,
thrift.transport.TTransport.TTransportException: Transport not open
```
What am I doing wrong? Why doesn't running code from the README work??