2.0 Update osquery agent install files
82 views
Skip to first unread message
mdi...@gmail.com
Aug 10, 2020, 9:41:30 AM8/10/20
to security-onion
Running into a bug in the Windows install. This gets repeated over and over in the event logs:
caller=level.go:63 level=info caller=extension.go:494 err="sending string logs: writing logs: transport error sending logs: rpc error: code = Internal desc = grpc: error while marshaling: proto: field \"kolide.agent.LogCollection.Log.Data\" contains invalid UTF-8"
caller=level.go:63 level=info caller=publish_logs.go:157 method=PublishLogs uuid=d121472b-e355-4c07-954c-4422799c88f4 logType=string log_count=707 message= errcode= reauth=false err="rpc error: code = Internal desc = grpc: error while marshaling: proto: field \"kolide.agent.LogCollection.Log.Data\" contains invalid UTF-8" took=3.0001ms
Appears to have been fixed in 4.3 and newer releases of osquery
DefensiveDepth
Aug 11, 2020, 8:19:16 AM8/11/20
to security-onion
Yes, our next release will include osquery 4.4 as well as re-enable auto-update for osquery, so that when new versions of osquery are released your endpoints will get the update automatically.
Osquery 4.5 refactors UTF-8 processing for windows (https://github.com/osquery/osquery/pull/6338) and should permanently resolve these issues - 4.5 should be released sometime this month.
-Josh
mdi...@gmail.com
Jan 19, 2021, 12:06:52 PM1/19/21
to security-onion
Hey Josh,
I know this is pretty old, but just an FYI - the latest OS Query, 4.5.1 still doesn't fix this issue even though the pull request was merged back in July and should be in this build.
Max
DefensiveDepth
Jan 19, 2021, 12:13:09 PM1/19/21
to security-onion
Max,
Can you please create a new discussion about this on our new community support forum? https://github.com/Security-Onion-Solutions/securityonion/discussions
Please make sure to include: SO version, install type, etc
Thanks
Reply all
Reply to author
Forward
0 new messages