We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
osqueryi --line "SELECT version, build, platform FROM os_version;" version = 14.3 build = 23D56 platform = darwin
osqueryi --line "SELECT version from osquery_info;" version = 5.11.0
nc -lkU aSocket.sock
listening_ports
process_open_sockets
process_open_sockets.family and listening_ports.family should be 1 instead of 0.
process_open_sockets.family
listening_ports.family
1
0
listening_ports.path should be nonempty.
listening_ports.path
osquery> select * from process_open_sockets where pid = 92233; pid = 92233 fd = socket = 3 family = 0 protocol = 0 local_address = remote_address = local_port = 0 remote_port = 0 path = aSocket.sock state = osquery> select * from listening_ports where pid = 92233; pid = 92233 port = 0 protocol = 0 family = 0 address = fd = 0 socket = 3 path =
Looking at the code it seems the path issue may result from the family issue.
path
family
This line should be setting the value to 1?
osquery/osquery/tables/system/darwin/process_open_descriptors.cpp
Line 181 in b9720d9
This would then properly set the path?
osquery/osquery/tables/networking/listening_ports.cpp
Lines 42 to 44 in b9720d9
The text was updated successfully, but these errors were encountered:
Successfully merging a pull request may close this issue.
Bug report
What operating system and version are you using?
What version of osquery are you using?
What steps did you take to reproduce the issue?
nc -lkU aSocket.sock
(leave running)listening_ports
andprocess_open_sockets
tables.What did you expect to see?
process_open_sockets.family
andlistening_ports.family
should be1
instead of0
.listening_ports.path
should be nonempty.What did you see instead?
Looking at the code it seems the
path
issue may result from thefamily
issue.This line should be setting the value to
1
?osquery/osquery/tables/system/darwin/process_open_descriptors.cpp
Line 181 in b9720d9
This would then properly set the path?
osquery/osquery/tables/networking/listening_ports.cpp
Lines 42 to 44 in b9720d9
The text was updated successfully, but these errors were encountered: