OSQuery never gets response when running queries

[mralexc]

Version

2.4.100

Installation Method

Security Onion ISO image

Description

configuration

Installation Type

Standalone

Location

airgap

Hardware Specs

Exceeds minimum requirements

CPU

12

RAM

128G

Storage for /

293 G

Storage for /nsm

7T

Network Traffic Collection

tap

Network Traffic Speeds

1Gbps to 10Gbps

Status

Yes, all services on all nodes are running OK

Salt Status

No, there are no failures

Logs

No, there are no additional clues

Detail

Currently, I get no results when running queries to the installed agents from osquery. The agents respond otherwise, logs are being collected, but osquery specifically doesn't get a response. The agents have the default endpoints-initial policy on them. I see Healthy listed in the statuses. I am running against rocky 9 clients.

Guidelines

• I have read the discussion guidelines at Read before posting! #1720 and assert that I have followed the guidelines.

[mralexc]

I think this is similar to #13819 . As I do now see the results in discover, but the live query page itself just spins and spins.

[defensivedepth]

@mralexc 2.4.130 was just released, with the latest Elastic updates. I would suggest upgrading.

https://blog.securityonion.net/2025/03/security-onion-24130-now-available.html