Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

AGood morning all.  I am an osquery newbie - I'm trying to run osquery with 3 commands and send the results to syslog  When I run  a `systemctl status osqueryd`  I see the errors below

`eventfactory.cpp:156] Event publisher not enabled: BFEventPublisher: Publisher disabled via config`
`eventfactory.cpp:156] Event publisher not enabled: auditeventpublisher: Publisher disabled via config`
`eventfactory.cpp:156] Event publisher not enabled: ionotify: Publisher disabled via config`
`eventfactory.cpp:156] Event publisher not enabled: syslog: Publisher disabled via config`

My osquery.flag file looks like this:

`--logger_plugin=filesystem`
`--config_plugin=filesystem`
`--logger_rotate=true`
`--logger_rotate_max_files=2`

How can I get rid of these errors/warnings?

:wave: Hi these are informational messages around the configuration of event publishers / subscribers and the state, so can be safely ignored.

However if you wish to change the default logging level of messages sent to the osquery daemon you can pass additional flags, these are documented at <https://osquery.readthedocs.io/en/latest/deployment/logging/#status-logs>