I am exploring osquery and trying to get data remo...
# general
m
I am exploring osquery and trying to get data remotely. I have taken one machine as a distributed query server and the others as host machines, and I configured osquery.conf for both the server machine and the host machines. When I ran the query, I got the error "eventpublisher not enabled". Can anyone tell me the solution or how to configure the files?
s
Osquery itself only works on a single host. If you want it to talk to a central server, you need something to act as a TLS server. Sometimes called a fleet manager. Osquery itself is not a “distributed query server”. Is there some document that says otherwise?
m
Thanks for your response. No, I tried myself by taking one machine as a server machine. I have mentioned my configuration details below. Can you suggest any possibility of getting data remotely or any agent-based tools other than osquery?
s
What is that, a config file? It looks like an osquery configuration, but osquery cannot act as a distributed query server. There is no code in osquery for that.