G’Morning folks….I have written a logging plugin t...
# generalj
Jordan
08/05/2022, 5:00 PMG’Morning folks….I have written a logging plugin that is logging the status logs great, but I have been playing with the flags for an hour and I can not get the scheduled queries to log there as well. Has anyone gotten this to work successfully?
Jordan
08/05/2022, 5:01 PM Copy code
9 --logger_plugin=my_logger
10 --logger_event_type=true
11 --logger_min_status=0
12 --logger_stderr=false
13 --logger_snapshot_event_type=true
14 --schedule_lognames=true
15 --distributed_loginfo=trueJordan
08/05/2022, 5:01 PM^ Current flags set
m
Mike Myers
08/05/2022, 5:06 PMone idea: verify with the
osquery_schedulej
Jordan
08/05/2022, 5:08 PMha, great call….the table is empty
m
Mike Myers
08/05/2022, 5:08 PMwell I didn't solve your problem but your logger might be fine haha
j
Jordan
08/05/2022, 5:08 PMhaha….thanks man
Jordan
08/05/2022, 5:23 PMworking now….thanks @Mike Myers
m
Mike Myers
08/05/2022, 5:24 PMoh nice, what was the fix?
j
Jordan
08/05/2022, 5:25 PMI have no idea where I copied my test osquery.conf file from, but the scheduled stanza was all kinds of wrong…and since I didnt see a log error, I didnt even think to check that
3 Views