Missing NFS in output of osqueryi if mounted via AUTOFS #6865

Closed
@thomas-merz

Description

Bug report

We are doing an osqueryi --json 'SELECT device, path, type, blocks_size, blocks_free, blocks FROM mounts' to gather all filesystems on our RHEL (7+8) and SLES (12+15) hosts. Up to version 4.0.1-1 we got the following result, as expected:

{"blocks":"","blocks_free":"","blocks_size":"","device":"/etc/auto.direct","path":"/srv/snaplock/archentw_cs_xx_original","type":"autofs"},
{"blocks":"819200","blocks_free":"818904","blocks_size":"65536","device":"KAFPINAARCH01_lif2.ka.de.dm-drogeriemarkt.com:/archentw_cs_xx_original","path":"/srv/snaplock/archentw_cs_xx_original","type":"nfs"},

But since we updated to 4.4.0-1 or to 4.5.1-1 and even to 4.6.0-1 the output is still missing the NFS line from before:

{"blocks":"0","blocks_free":"0","blocks_size":"0","device":"/etc/auto.direct","path":"/srv/snaplock/archentw_cs_xx_original","type":"autofs"}, 

What operating system and version are you using?

We use osquery on RHEL 7, RHEL 8 and on SLES 12 and 15. This constellation (NFS via autofs) is currently only used on some RHEL 7 hosts:

 version = Red Hat Enterprise Linux Server release 7.8 (Maipo)
   build =
platform = rhel

What version of osquery are you using?

/var/log/yum.log-20190815.gz:May 23 15:47:37 Installed: osquery-3.3.2-1.linux.x86_64
/var/log/yum.log-20200101.gz:Sep 12 02:24:47 Updated: osquery-4.0.1-1.linux.x86_64
/var/log/yum.log:Aug 26 13:54:15 Updated: osquery-4.4.0-1.x86_64
/var/log/yum.log:Oct 10 02:24:10 Updated: osquery-4.5.1-1.x86_64
/var/log/yum.log:Dec 29 10:39:27 Installed: osquery-4.0.1-1.linux.x86_64
/var/log/yum.log:Dec 29 10:44:28 Updated: osquery-4.5.1-1.x86_64
/var/log/yum.log:Dec 30 10:31:44 Updated: osquery-4.6.0-1.linux.x86_64

Currently the problem exists with 4.4.0-1 and 4.5.0-1 and even with the latest 4.6.0-1.

What steps did you take to reproduce the issue?

What did you expect to see?

We expect to see the NFS line, too, along with the autofs line in the output of 'SELECT device, path, type, blocks_size, blocks_free, blocks FROM mounts'.

What did you see instead?

We only saw the autofs line :-(
So everything that depends on the existence of this line is failing. Our monitoring, for example, was missing these NFS mounts, so they couldn't be monitored before running out of space, producing an outage :-(
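
One way to detect the gap described in this report, as an added example that is not part of the original issue or of osquery's code: compare the kernel's mount list with the rows osquery returns and list any mount osquery does not report. It assumes that on Linux the device, path and type columns match the first three fields of /proc/mounts; the host name, paths and sample data are constructed.

```python
import json
import re
import subprocess

def _unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_proc_mounts(text):
    """Return {(device, path, type)} for every line of a /proc/mounts listing."""
    mounts = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            mounts.add(tuple(_unescape(f) for f in fields[:3]))
    return mounts

def missing_from_osquery(proc_mounts_text, osquery_json):
    """Kernel-visible mounts that have no matching row in the osquery output."""
    rows = json.loads(osquery_json)
    reported = {(r["device"], r["path"], r["type"]) for r in rows}
    return sorted(parse_proc_mounts(proc_mounts_text) - reported)

# Constructed sample: an NFS export stacked on an autofs direct-map mount point.
SAMPLE_PROC_MOUNTS = (
    "/etc/auto.direct /srv/archive autofs rw,relatime 0 0\n"
    "nfs.example.com:/archive /srv/archive nfs rw,relatime 0 0\n"
    "/dev/sda1 /mnt/my\\040disk xfs rw,relatime 0 0\n"
)
# Constructed osquery output reproducing the symptom: the nfs row is absent.
SAMPLE_OSQUERY = json.dumps([
    {"device": "/etc/auto.direct", "path": "/srv/archive", "type": "autofs"},
    {"device": "/dev/sda1", "path": "/mnt/my disk", "type": "xfs"},
])

if __name__ == "__main__":
    # Live check: kernel view versus what osqueryi returns on this host.
    with open("/proc/self/mounts") as fh:
        kernel_view = fh.read()
    osquery_view = subprocess.run(
        ["osqueryi", "--json", "SELECT device, path, type FROM mounts"],
        check=True, capture_output=True, text=True,
    ).stdout
    for device, path, fstype in missing_from_osquery(kernel_view, osquery_view):
        print(f"not reported by osquery: {device} on {path} ({fstype})")
```

Run on a schedule, a non-empty result is a signal that monitoring built on the mounts table is blind to those filesystems.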
