hi, my osquery_resault.log at my fleet stop getti...
# fleetn
nick fury
09/06/2022, 2:02 PMhi, my osquery_resault.log at my fleet stop getting data in the past two weeks, and idea why does can it happen?
k
Kathy Satterlee
09/06/2022, 2:41 PMHi, @nick fury! Any chance your Logging destination got changed in Fleet? Are your hosts showing up as
onlinen
nick fury
09/06/2022, 2:46 PMno changes and my hosts are online
k
Kathy Satterlee
09/06/2022, 3:03 PMAre there any errors in the server logs?
Kathy Satterlee
09/06/2022, 3:06 PMAnd are the osquery status logs still updating?
n
nick fury
09/06/2022, 4:36 PMthe osquery status log still getting updated
nick fury
09/06/2022, 4:36 PMk
Kathy Satterlee
09/06/2022, 4:44 PMThat depends a little on your setup. The default output for Fleet error logs is
stderrKathy Satterlee
09/06/2022, 4:45 PMIf the status logs are getting updated, is there any chance that we have an odd situation where you're only running differential queries and things haven't changed? Or have you run live queries as well?
n
nick fury
09/06/2022, 6:56 PMhttps://osquery.slack.com/archives/C01DXJL16D8/p1662482682951189?thread_ts=1662472936.461979&cid=C01DXJL16D8
ye im using stderr, when can i see them in the console?
k
Kathy Satterlee
09/06/2022, 6:57 PMYou'd need to look at the terminal window/console that is running Fleet.
n
nick fury
09/06/2022, 6:59 PMnick fury
09/06/2022, 7:05 PMnick fury
09/07/2022, 5:02 AMdo you have any other idie?
k
Kathy Satterlee
09/07/2022, 2:46 PMAre you getting results back when you run a love query?
n
nick fury
09/08/2022, 9:32 AMyes
k
Kathy Satterlee
09/08/2022, 4:45 PMJust to be absolutely sure, can you pull the Fleet configuration with
fleetctl get config --include-server-configosquery.result_log_pluginfilesystem.result_log_filen
nick fury
09/11/2022, 11:38 AMthis command isn't working for me
nick fury
09/11/2022, 11:38 AMare you sure that is available in fleet 3.5.1
9 Views