Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
n
nick fury
09/06/2022, 2:02 PMhi, my osquery_resault.log at my fleet stop getting data in the past two weeks, and idea why does can it happen?
k
Kathy Satterlee
09/06/2022, 2:41 PMHi, @nick fury! Any chance your Logging destination got changed in Fleet? Are your hosts showing up as
onlinen
nick fury
09/06/2022, 2:46 PMno changes and my hosts are online
k
Kathy Satterlee
09/06/2022, 3:03 PMAre there any errors in the server logs?
And are the osquery status logs still updating?
n
nick fury
09/06/2022, 4:36 PMthe osquery status log still getting updated
k
Kathy Satterlee
09/06/2022, 4:44 PMThat depends a little on your setup. The default output for Fleet error logs is
stderrIf the status logs are getting updated, is there any chance that we have an odd situation where you're only running differential queries and things haven't changed? Or have you run live queries as well?
n
nick fury
09/06/2022, 6:56 PMhttps://osquery.slack.com/archives/C01DXJL16D8/p1662482682951189?thread_ts=1662472936.461979&cid=C01DXJL16D8
ye im using stderr, when can i see them in the console?
k
Kathy Satterlee
09/06/2022, 6:57 PMYou'd need to look at the terminal window/console that is running Fleet.
n
nick fury
09/06/2022, 6:59 PMdo you have any other idie?
k
Kathy Satterlee
09/07/2022, 2:46 PMAre you getting results back when you run a love query?
n
nick fury
09/08/2022, 9:32 AMyes
k
Kathy Satterlee
09/08/2022, 4:45 PMJust to be absolutely sure, can you pull the Fleet configuration with
fleetctl get config --include-server-configosquery.result_log_pluginfilesystem.result_log_filen
nick fury
09/11/2022, 11:38 AMthis command isn't working for me
are you sure that is available in fleet 3.5.1