I am new to osquery. I am trying to get my server's syslog from osquery using syslog-ng. I tried adding the below to the syslog-ng.conf file; however, I am getting data up to the syslog_pipe file, but I am not able to fetch it using osqueryi.
===================
# Reformat log messages in a format that osquery accepts
rewrite r_csv_message {
  # Copy the raw message into CSVMESSAGE, then double every embedded
  # double quote so the field survives CSV parsing on the osquery side
  set("$MESSAGE", value("CSVMESSAGE") );
  subst("\"","\"\"", value("CSVMESSAGE"), flags(global) );
};

# One CSV line per message: time, host, severity, facility, tag, message
template t_csv {
  template("\"${ISODATE}\",\"${HOST}\",\"${LEVEL_NUM}\",\"${FACILITY}\",\"${PROGRAM}\",\"${CSVMESSAGE}\"\n");
  template_escape(no);
};

# Sends messages to osquery
destination d_osquery {
  pipe("/var/osquery/syslog_pipe" template(t_csv));
};

# Stores messages sent to osquery in a log file, useful for troubleshooting
destination d_osquery_copy {
  file("/var/log/csv_osquery" template(t_csv));
};

# Log path to send incoming messages to osquery
log {
  source(s_src);
  # filter(f_auth) applies to every destination in this path, so only
  # messages it matches reach d_auth and the osquery pipe
  filter(f_auth);
  destination(d_auth);
  rewrite(r_csv_message);
  destination(d_osquery);
  #destination(d_osquery_copy);
};
===================
One more thing: I have also made changes in osquery.conf to enable FIM. When I tried syslog-ng (client-master server), if FIM is disabled I am getting data from the client machine for 'select * from Syslog;' on the master server machine. If it is enabled, there is no data for syslog-ng (client-master server) or for syslog-ng (for my own server).
Could anyone help me figure this out?
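Since the d_osquery_copy destination writes the same bytes that go into the pipe, one way to troubleshoot is to parse that copy file with the CSV rules the t_csv template produces (six double-quoted fields, embedded quotes doubled by the subst rewrite) and see which lines osquery could not consume. This is an added example, not code from the post or from osquery or syslog-ng; the sample lines are constructed, and the column names mirror osquery's syslog table.

```python
import csv
import io

# Columns in the order the t_csv template emits them
# (ISODATE, HOST, LEVEL_NUM, FACILITY, PROGRAM, CSVMESSAGE).
COLUMNS = ("time", "host", "severity", "facility", "tag", "message")


def parse_csv_line(line):
    """Parse one line written by t_csv. Returns a dict, or None when the
    line is not exactly six well-formed fields with an integer severity."""
    try:
        # doublequote=True undoes subst("\"", "\"\""); strict=True rejects a
        # stray quote that the rewrite rule did not escape.
        rows = list(csv.reader(io.StringIO(line), quotechar='"',
                               doublequote=True, strict=True))
    except csv.Error:
        return None
    if not rows or len(rows[0]) != len(COLUMNS):
        return None
    rec = dict(zip(COLUMNS, rows[0]))
    if not rec["severity"].isdigit():
        return None
    rec["severity"] = int(rec["severity"])
    return rec


def check_copy_file(lines):
    """Split lines into (good, bad): parsed dicts and rejected raw lines."""
    good, bad = [], []
    for raw in lines:
        raw = raw.rstrip("\n")
        if not raw:
            continue
        rec = parse_csv_line(raw)
        if rec is None:
            bad.append(raw)
        else:
            good.append(rec)
    return good, bad


# Constructed sample of what /var/log/csv_osquery could contain (not real logs).
SAMPLE = [
    '"2019-04-10T12:00:01+00:00","web01","6","auth","sshd","Accepted publickey for alice"\n',
    '"2019-04-10T12:00:02+00:00","web01","4","daemon","myapp","option ""debug"" is deprecated"\n',
    '"2019-04-10T12:00:03+00:00","web01","3","user","five fields only"\n',   # missing column
    '"2019-04-10T12:00:04+00:00","web01","3","user","bad","unescaped " quote"\n',  # no subst applied
]

if __name__ == "__main__":
    good, bad = check_copy_file(SAMPLE)
    for rec in good:
        print(rec["time"], rec["tag"], rec["message"])
    for raw in bad:
        print("REJECTED:", raw)
```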