Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

`distributed_plugin=tls` is the default setting, but what are the other plugins? `filesystem` caused osqueryd to crash.

context: I'm trying to test my config and queries locally without posting results anywhere, I haven't set a `tls_endpoint` because i just want query results to be saved to /var/log/osquery/osqueryd.results.log

If it crashed, could I ask you to report it here <https://github.com/osquery/osquery/issues>, with all the information you can give? Thanks!

As for the `distributed_plugin`, there’s only `tls` now. You can check here <https://github.com/osquery/osquery/tree/master/plugins> and then find the REGISTER directive, similar to this: `REGISTER(TLSDistributedPlugin, "distributed", "tls");`

In any case the distributed plugin is just meant to retrieve requests to run ad-hoc queries from your fleet manager.
Given that you have local access to the machine for now, you don’t need to set it up at all.

If you don’t pass `--disable_distributed=false` it’s already disabled by default