https://github.com/osquery/osquery logo
Powered by
j

Jordan

08/05/2022, 5:00 PM
G’Morning folks….I have written a logging plugin that is logging the status logs great, but I have been playing with the flags for an hour and I can not get the scheduled queries to log there as well. Has anyone gotten this to work successfully?
Copy code
9 --logger_plugin=my_logger
 10 --logger_event_type=true
 11 --logger_min_status=0
 12 --logger_stderr=false
 13 --logger_snapshot_event_type=true
 14 --schedule_lognames=true
 15 --distributed_loginfo=true
^ Current flags set
m

Mike Myers

08/05/2022, 5:06 PM
one idea: verify with the 
osquery_schedule
table that the queries were executed?
j

Jordan

08/05/2022, 5:08 PM
ha, great call….the table is empty
m

Mike Myers

08/05/2022, 5:08 PM
well I didn't solve your problem but your logger might be fine haha
j

Jordan

08/05/2022, 5:08 PM
haha….thanks man
working now….thanks @Mike Myers
m

Mike Myers

08/05/2022, 5:24 PM
oh nice, what was the fix?
j

Jordan

08/05/2022, 5:25 PM
I have no idea where I copied my test osquery.conf file from, but the scheduled stanza was all kinds of wrong…and since I didnt see a log error, I didnt even think to check that
3 Views
Powered by