
Error parsing the config JSON


Hello! osquery does not work and writes nothing to the log. The startup output ends with: Error reading config: Error parsing the config JSON

C:\Program Files\osquery>osqueryi --verbose
I1124 10:09:31.306763 3892 init.cpp:413] osquery initialized [version=5.10.2]
I1124 10:09:31.322425 3892 dispatcher.cpp:78] Adding new service: UsersService (00000249448AF560) to thread: 7356 (00000249448E7170) in process 7376
I1124 10:09:31.322425 3892 dispatcher.cpp:78] Adding new service: GroupsService (00000249448AE790) to thread: 1948 (00000249448477B0) in process 7376
I1124 10:09:31.322425 3892 extensions.cpp:453] Could not autoload extensions: Cannot open file for reading: \Program Files\osquery\extensions.load
I1124 10:09:31.337944 1948 groups_service.cpp:55] Groups cache initialized
I1124 10:09:31.337944 7356 users_service.cpp:149] Users cache initialized
I1124 10:09:31.337944 3892 dispatcher.cpp:78] Adding new service: ExtensionWatcher (00000249448175E0) to thread: 484 (00000249465D0800) in process 7376
I1124 10:09:31.353600 3892 dispatcher.cpp:78] Adding new service: ExtensionRunnerCore (00000249465F2E00) to thread: 7400 (00000249465D0580) in process 7376
I1124 10:09:31.353600 7400 interface.cpp:299] Extension manager service starting: \.\pipe\shell.em
I1124 10:09:31.369115 3892 auto_constructed_tables.cpp:99] Removing stale ATC entries
E1124 10:09:31.369115 3892 config.cpp:879] updateSource failed to parse config, of source: \Program Files\osquery\osquery.conf and content: {
// Configure the daemon below:
"options": {

 // The log directory stores info, warning, and errors.
 // If the daemon uses the 'filesystem' logging retriever then the log_dir
 // will also contain the query results.
 "logger_path": "C:\Program Files\osquery\log",

 // Set 'disable_logging' to true to prevent writing any info, warning, or error
 // logs. If a logging plugin is selected, it will still write query results.
 "disable_logging": "false",

 // Splay the scheduled interval for queries.
 // This is very helpful for preventing a system performance impact when scheduling
 // large numbers of queries that run at small or similar intervals.
 "schedule_splay_percent": "10",

},

// Define a schedule of queries:
"schedule": {
// This is a simple example query that outputs basic system information.
"system_info": {
// The exact query to run.
"query": "SELECT hostname, cpu_brand, physical_memory FROM system_info;",
// The interval in seconds to run this query, not an exact interval.
"interval": 90
}
},

// Decorators are normal queries that append data to every query.
"decorators": {
"load": [
"SELECT uuid AS host_uuid FROM system_info;",
"SELECT user AS username FROM logged_in_users ORDER BY time DESC LIMIT 1;"
]
},

// Add default osquery packs or install your own.
//
// There are several 'default' packs installed via
// packages and/or Homebrew.
//
// Linux: /opt/osquery/share/osquery/packs
// OS X: /var/osquery/packs
// Homebrew: /usr/local/share/osquery/packs
// make install: {PREFIX}/share/osquery/packs
//
"packs": {
// "osquery-monitoring": "/opt/osquery/share/osquery/packs/osquery-monitoring.conf",
// "incident-response": "/opt/osquery/share/osquery/packs/incident-response.conf",
// "it-compliance": "/opt/osquery/share/osquery/packs/it-compliance.conf",
// "osx-attacks": "/var/osquery/packs/osx-attacks.conf",
// "vuln-management": "/opt/osquery/share/osquery/packs/vuln-management.conf",
// "hardware-monitoring": "/opt/osquery/share/osquery/packs/hardware-monitoring.conf",
// "ossec-rootkit": "/opt/osquery/share/osquery/packs/ossec-rootkit.conf",
// "windows-hardening": "C:\Program Files\osquery\packs\windows-hardening.conf",
// "windows-attacks": "C:\Program Files\osquery\packs\windows-attacks.conf"
},

// Provides feature vectors for osquery to leverage in simple statistical
// analysis of results data.
//
// Currently this configuration is only used by Windows in the Powershell
// Events table, wherein character_frequencies is a list of doubles
// representing the aggregate occurrence of character values in Powershell
// Scripts. A default configuration is provided which was adapted from
// Lee Holmes cobbr project:
// https://gist.github.com/cobbr/acbe5cc7a186726d4e309070187beee6
//
"feature_vectors": {
"character_frequencies": [
0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,
0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,
0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,
0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,
0.0, 0.0, 0.0, 0.0, 0.0, 0.00045, 0.01798,
0.0, 0.03111, 0.00063, 0.00027, 0.0, 0.01336, 0.0133,
0.00128, 0.0027, 0.00655, 0.01932, 0.01917, 0.00432, 0.0045,
0.00316, 0.00245, 0.00133, 0.001029, 0.00114, 0.000869, 0.00067,
0.000759, 0.00061, 0.00483, 0.0023, 0.00185, 0.01342, 0.00196,
0.00035, 0.00092, 0.027875, 0.007465, 0.016265, 0.013995, 0.0490895,
0.00848, 0.00771, 0.00737, 0.025615, 0.001725, 0.002265, 0.017875,
0.016005, 0.02533, 0.025295, 0.014375, 0.00109, 0.02732, 0.02658,
0.037355, 0.011575, 0.00451, 0.005865, 0.003255, 0.005965, 0.00077,
0.00621, 0.00222, 0.0062, 0.0, 0.00538, 0.00122, 0.027875,
0.007465, 0.016265, 0.013995, 0.0490895, 0.00848, 0.00771, 0.00737,
0.025615, 0.001725, 0.002265, 0.017875, 0.016005, 0.02533, 0.025295,
0.014375, 0.00109, 0.02732, 0.02658, 0.037355, 0.011575, 0.00451,
0.005865, 0.003255, 0.005965, 0.00077, 0.00771, 0.002379, 0.00766,
0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,
0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,
0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,
0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,
0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,
0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,
0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,
0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,
0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,
0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,
0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,
0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,
0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,
0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,
0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,
0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,
0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,
0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,
0.0, 0.0, 0.0
]
}
}
I1124 10:09:31.665886 3892 init.cpp:762] Error reading config: Error parsing the config JSON
I1124 10:09:31.665886 3892 loader.cpp:45] No experiments selected
Using a virtual database. Need help, type '.help'