Would someone kindly give me some advice on memory sizing of osqueryd?
I'm trying to monitor some Linux servers using osqueryd. During testing in the staging environment, some of the agent processes restart frequently (every 5 minutes) due to excessive memory usage.
The --watchdog_memory_limit is set to 300MB now. What should I consider when increasing this threshold? Increasing it from 300MB to 1GB may resolve the problem in the staging environment. However, the load on servers in the production environment is higher than in the staging environment, so I need a general method to decide on a reasonable limit.
01/31/2022, 2:14 AM
Depends entirely on the queries you’re running. osquery doing nothing should take almost no ram.