Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
w
wennan.he
09/22/2022, 11:40 PMhi fleet team, our fleet has a /var/log/fleet/result.log file storing lots of logging long time ago, could anyone help to explain what is it about?
r
Rachel Perkins
09/23/2022, 3:31 PMCould you give us an example or screenshot to help us understand what you're experiencing?
b
Benjamin Edwards
09/23/2022, 5:31 PMHey, I think this might just be the default logging destination for osquery results (scheduled queries in Fleet). So this would be expected.
https://fleetdm.com/docs/deploying/configuration#filesystem
More on osquery logs here: https://fleetdm.com/docs/using-fleet/osquery-logs
w
wennan.he
09/23/2022, 5:37 PMyes sure, we have some issue before and we found this file storing logging 2 weeks ago like:
this is caused by a scheduled query we setup long time ago which is already stopped.
but i dont understand why it is not rotated.
b
Benjamin Edwards
09/23/2022, 6:03 PMyou can enable rotation using this https://fleetdm.com/docs/deploying/configuration#filesystem-enable-log-rotation
w
wennan.he
09/23/2022, 6:32 PMso you mean the that log file is not enabled for rotated by default?
b
Benjamin Edwards
09/23/2022, 6:32 PMCorrect it's not enabled by default
w
wennan.he
09/23/2022, 6:33 PMso if it is not, and if fleet collects huge size of data for scheduled queries, that might cause disaster, right?
IO will crash the disk