https://github.com/osquery/osquery logo
Join Slack
Powered by
Hey gang - cross posting on the macadmins fleet ch...
# fleet
o
Hey gang - cross posting on the macadmins fleet channel also: I have my Fargate container env 
FLEET_OSQUERY_RESULT_LOG_PLUGIN = "firehose"
set and verified the correct AWS IAM role is in place yet I am not getting any scheduled query data arriving on my firehose stream and so consequently no data landing in S3. Anyone have any pointers on what i've missed before I dig deeper into this? Are there fleetdm server logs that should reflect delivery errors? I am using all the default tf values:
Copy code
output "fleet_extra_environment_variables" {
  value = {
    FLEET_FIREHOSE_STATUS_STREAM    = aws_kinesis_firehose_delivery_stream.osquery_status.name
    FLEET_FIREHOSE_RESULT_STREAM    = aws_kinesis_firehose_delivery_stream.osquery_results.name
    FLEET_FIREHOSE_REGION           = data.aws_region.current.name
    FLEET_OSQUERY_STATUS_LOG_PLUGIN = "firehose"
    FLEET_OSQUERY_RESULT_LOG_PLUGIN = "firehose"
  }
}
https://github.com/fleetdm/fleet/tree/main/terraform/addons/logging-destination-firehose Appreciate the help in advance.
r
Hi! • Did you set 
activity_audit_log_plugin
to 
firehose
and 
activity_enable_audit_log
set to 
true
?
o
I was under the impression audit logs are restricted to premium customers so I do not have that key set currently. Should I enable it? @Rachel Perkins
I have it working now. This is the piece I was missing:
Copy code
Query automations let you send data to your log destination on a schedule. Data is sent according to a query's frequency.
Once I selected my queries from queries > manage automations data started to flow to my buckets.
r
Ahh, I'm glad you figured it out!!! Happy Friday
Open in Slack
PreviousNext
Powered by