Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
o
Ojas
09/26/2022, 11:06 AMAnyone who has configure osquery to send results to s3? can we have a call?
below is my config and still results are not flowing into aws 😐
config:
spec:
host_settings:
enable_software_inventory: true
vulnerability_settings:
databases_path: /tmp/
options:
host_identifier: hostname
schedule_splay_percent: 10
logger_plugin: aws_kinesis,aws_firehose
aws_kinesis_stream: fleetosquery****
aws_firehose_stream: fleetosquery***
aws_access_key_id: *********
aws_secret_access_key: *********
aws_region: eu-west-2
disable_carver: false
pack_delimiter: /
proxy_hostname: **
carver_block_size: 2097152
logger_tls_period: 10
distributed_plugin: tls
disable_distributed: false
logger_tls_endpoint: /api/osquery/log
distributed_interval: 10
carver_start_endpoint: /api/v1/osquery/carve/begin
carver_disable_function: false
carver_continue_endpoint: /api/v1/osquery/carve/block
distributed_tls_max_attempts: 3
schedule:
time:
query: SELECT * FROM time;
interval: 2
removed: false
osquery:
osquery_result_log_plugin: kinesis
osquery_status_log_plugin: kinesis
decorators:
load:
- SELECT uuid AS host_uuid FROM system_info;
- SELECT hostname AS hostname FROM system_info;
overrides: {}
k
Kathy Satterlee
09/26/2022, 3:45 PMThat's a great idea! You're close here, just need those options in the correct place (inside
agent_options