hi fleet team, our fleet has a /var/log/fleet/resu...
# fleetw
wennan.he
09/22/2022, 11:40 PMhi fleet team, our fleet has a /var/log/fleet/result.log file storing lots of logging long time ago, could anyone help to explain what is it about?
r
Rachel Perkins
09/23/2022, 3:31 PMCould you give us an example or screenshot to help us understand what you're experiencing?
b
Benjamin Edwards
09/23/2022, 5:31 PMHey, I think this might just be the default logging destination for osquery results (scheduled queries in Fleet). So this would be expected.
https://fleetdm.com/docs/deploying/configuration#filesystem
More on osquery logs here: https://fleetdm.com/docs/using-fleet/osquery-logs
w
wennan.he
09/23/2022, 5:37 PMyes sure, we have some issue before and we found this file storing logging 2 weeks ago like:
wennan.he
09/23/2022, 5:38 PMthis is caused by a scheduled query we setup long time ago which is already stopped.
wennan.he
09/23/2022, 5:38 PMbut i dont understand why it is not rotated.
b
Benjamin Edwards
09/23/2022, 6:03 PMyou can enable rotation using this https://fleetdm.com/docs/deploying/configuration#filesystem-enable-log-rotation
w
wennan.he
09/23/2022, 6:32 PMso you mean the that log file is not enabled for rotated by default?
b
Benjamin Edwards
09/23/2022, 6:32 PMCorrect it's not enabled by default
w
wennan.he
09/23/2022, 6:33 PMso if it is not, and if fleet collects huge size of data for scheduled queries, that might cause disaster, right?
wennan.he
09/23/2022, 6:34 PMIO will crash the disk
4 Views