I'm attempting to use an Amazon Linux instance in AWS with osquery on it to send osquery logs to Elasticsearch. It doesn't look like I can write directly, so I set up a Firehose to write to Elasticsearch and am attempting to write osquery logs to the Firehose. Are there any additional flags I can use for troubleshooting? I have a role attached to the instance that gives full list and write ability to the Firehose, but I'm still not seeing any activity on it.
06/19/2020, 12:24 PM
Hey guys, I was wondering if anyone could clarify the difference in semantics between proxy_hostname and the aws_proxy* related settings. Like bao earlier, I could not get the AWS SDK proxy setup to be used, while proxy_hostname seems to do the trick (albeit in a way that seems to reduce the capabilities, like no proxy authentication). Checking the config flags from the agent (with the AWS proxy configuration alone), it looks like all configuration directives are properly parsed and enabled in the configuration. It's just that the HTTPS client used to connect to Kinesis does not use them.
Hi all, I'm running into a bit of trouble launching Osquery on Amazon Linux 2. Has anyone seen this or have an idea what configuration I might need to tweak? Any help would be much appreciated, thanks. https://github.com/osquery/osquery/issues/7691