Hi @Stefano Bonicatti, @seph We have a custom library which uses readily avaialble`osqueryi` executable which runs the given SQL command and provides the output in JSON. I have a doubt about

osqueryi

. How can we capture the osquery status logs. such as INFO, ERROR, WARNING to file. From my investigation, I arrived at a point that

osqueryi

cannot use flags of

logger_plugin

to redirect them to file. Also, osquery uses

glog

by default when no logger_plugin is set. with this, it always redirects the logs to console. How can we control the log messages of

osqueryi

. I know

osqueryi

is interactive shell. I tried looking into source code and found below code. Please help me find a way to capture the

osqueryi

runtime logs. I am ok to modify the source code and rebuild the binary. ` if (isShell()) { // Do not set these values before calling ParseCommandLineFlags. // These values are force-set and ignore the configuration and CLI. FLAGS_disable_logging = true; FLAGS_disable_watchdog = true; } `

I think it’d be great not to see console messages in osqueryi.

Yeah we could do that already, But I would like to redirect them to log file. Just the status logs. Not the Output

@lankesh how can we suppress these for osqueryi only? You're saying there's a way to do that?

Use 2 flags. logger_min_status=3 and logger_min_stderr=3