Uninstalling the Host Monitoring App¶
Uninstalling Host Monitoring Agents¶
Uninstall the Host Monitoring Agents as follows:
Note
This completely removes the following packages from your system, including any additional configurations you may have added outside of Observe. Please be sure you want to do this before proceeding.
Uninstall on Amazon Linux 2 with the following commands:
sudo service osqueryd stop
sudo yum erase osquery -y
sudo rm /etc/pki/rpm-gpg/RPM-GPG-KEY-osquery
sudo rm /etc/osquery/osquery.conf
sudo service fluent-bit stop
sudo yum erase fluent-bit -y
sudo rm /etc/yum.repos.d/fluent-bit.repo
sudo rm /etc/fluent-bit/fluent-bit.conf
sudo service telegraf stop
sudo yum erase telegraf -y
sudo rm /etc/yum.repos.d/influxdb.repo
sudo rm /etc/telegraf/telegraf.conf
Uninstall on Amazon Linux 2023 with the following commands:
sudo service osqueryd stop
sudo yum erase osquery -y
sudo rm /etc/pki/rpm-gpg/RPM-GPG-KEY-osquery
sudo rm /etc/osquery/osquery.conf
sudo service fluent-bit stop
sudo yum erase fluent-bit -y
sudo rm /etc/yum.repos.d/fluent-bit.repo
sudo rm /etc/fluent-bit/fluent-bit.conf
sudo service telegraf stop
sudo yum erase telegraf -y
sudo rm /etc/yum.repos.d/influxdb.repo
sudo rm /etc/telegraf/telegraf.conf
Uninstall on Ubuntu 20.04 with the following commands:
sudo service osqueryd stop
sudo apt-get remove osquery -y
sudo rm /etc/osquery/osquery.conf
sudo rm /etc/osquery/osquery.flags
sudo service fluent-bit stop
sudo apt-get remove fluent-bit -y
sudo rm /etc/fluent-bit/fluent-bit.conf
sudo service telegraf stop
sudo apt-get remove telegraf -y
sudo rm /etc/telegraf/telegraf.conf
Uninstall on Debian 11 with the following commands:
sudo service osqueryd stop
sudo apt-get remove osquery -y
sudo rm /etc/osquery/osquery.conf
sudo rm /etc/osquery/osquery.flags
sudo service td-agent-bit stop
sudo apt-get remove td-agent-bit -y
sudo rm /etc/td-agent-bit/td-agent-bit.conf
sudo service telegraf stop
sudo apt-get remove telegraf -y
sudo rm /etc/telegraf/telegraf.conf
Uninstall on CentOS with the following commands:
sudo service osqueryd stop
sudo yum erase osquery -y
sudo rm /etc/pki/rpm-gpg/RPM-GPG-KEY-osquery
sudo rm /etc/osquery/osquery.conf
sudo rm /etc/osquery/osquery.flags
sudo service td-agent-bit stop
sudo yum erase td-agent-bit -y
sudo rm /etc/yum.repos.d/td-agent-bit.repo
sudo service telegraf stop
sudo yum erase telegraf -y
sudo rm /etc/yum.repos.d/influxdb.repo
To Automatically uninstall all of the components:
To uninstall the configuration and remove the installed services, follow these steps:
Run the uninstall script by using the following command:
[Net.ServicePointManager]::SecurityProtocol = "Tls, Tls11, Tls12, Ssl3"
Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/observeinc/windows-host-configuration-scripts/main/uninstall.ps1" -outfile .\uninstall.ps1
.\uninstall.ps1
This script will remove the osquery, fluent-bit, and telegraf services and their associated configuration files. If you would like to remove the services without confirming, you can add the -ForceRemove flag and all services and agents will be removed.
After running the uninstall script, you may need to manually remove any leftover directories. The following directories may need to be manually removed:
C:\Program Files\osquery C:\Program Files\fluent-bit C:\Program Files\InfluxData\telegraf
All config files get backed up to C:\temp\observe\.
Please ensure you have administrative privileges when running both the configuration and uninstallation scripts.
To manually uninstall of the components:
Uninstall on Microsoft Windows with the following steps using PowerShell:
Osquery
Stop-Service osqueryd
Under Windows Settings, open Add/Remove Programs. Locate “osquery” and click Uninstall. Click Uninstall again to confirm, and Windows removes osquery from your Windows device.
To remove the osquery install directory from your device:
Remove-Item -Recurse "${Env:Programfiles}\osquery"
Fluent Bit
Stop-Service fluent-bit
sc delete fluent-bit
Under Windows Settings, open Add/Remove Programs. Then find fluent-bit and click Uninstall. Click Uninstall again to confirm. Follow the steps to remove fluent-bit from your Windows device.
To remove the fluent-bit install directory:
Remove-Item -Recurse -Force "${Env:Programfiles}\fluent-bit"
Telegraf
Navigate to the telegraf.exe location, for example, C:\Program Files\InfluxData\telegraf\telegraf-1.26.0 and run the following Powershell command:
Stop-Service telegraf
cd "${Env:Programfiles}\InfluxData\telegraf\telegraf-1.26.0\"
.\telegraf.exe --service uninstall
To remove the telegraf install directory:
cd \; Remove-Item -Recurse -Force "${Env:Programfiles}\InfluxData\telegraf"
If you installed agents using the single sample command without setting the script argument -config_files_clean = TRUE, then you can also delete the following temp folder:
Remove-Item -Recurse -Force "C:\temp\observe"
Uninstall on MacOS with the following commands:
brew services stop telegraf
brew uninstall telegraf
sudo osqueryctl stop
brew uninstall --cask osquery
sudo launchctl unload -w /Library/LaunchDaemons/fluent-bit.plist
brew uninstall fluent-bit
You may also choose to remove configurations: /opt/homebrew/etc/telegraf.conf /var/osquery/osquery.conf /var/osquery/osquery.flags /etc/fluent-bit/fluent-bit.conf /etc/fluent-bit/observe-mac.conf /etc/fluent-bit/parsers-observe.conf
and log files: /opt/homebrew/var/telegraf.log /var/log/osquery/*
You may also need to remove service settings for custom log files or proxies if you added them.
App Uninstall¶
To uninstall the Host Monitoring app from your Observe workspace, follow the instructions located at Apps page.
If you have another app linked to the Host Monitoring app, then remove that link before deleting the Host Monitoring app.