I have written an osquery extension in Golang in which I am registering a logger plugin and a config plugin. I am creating a runtime config.
Flags:
--disable_extensions=false
--disable_events=false
--events_expiry=1
--events_optimize=true
--events_max=500000
--logger_plugin=testlogger
--config_plugin=testconfig
--extensions_timeout=600
--extensions_interval=5
--extensions_require=testextmgr
--database_path="C:\Program Files\Test\testosqueryd.db"
--extensions_socket="\\.\pipe\testosquery.em"
Below is my runtime config:
{
  "packs": {
    "windows-attacks": "C:\\Program Files\\osquery\\packs\\windows-attacks.conf"
  }
}
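Below are my logger and config functions.
// LogString is the logger plugin callback: it prints each log line and counts it.
func LogString(ctx context.Context, typ logger.LogType, logText string) error {
	fmt.Println(logText)
	gCnt = gCnt + 1
	return nil
}

// ConfigCallback is the config plugin callback: it returns the config string
// under the source name "config".
func ConfigCallback(ctx context.Context) (map[string]string, error) {
	return map[string]string{
		"config": configSchedule_ntfs_journal_events,
	}, nil
}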
Issue: Now when I run my code, I am not getting any callback for packs.
Other things I tried:
Instead of giving the runtime config, I checked by giving the packs in osquery.conf. There it is giving the callback and logs are getting generated.
While trying this, the only change was that I commented out the config code and, in the flags, added --config_path="C:\Program Files\osquery\osquery.conf" instead of --config_plugin=testconfig.
Can someone help me understand what is going wrong here?