slevchenko
09/27/2022, 11:38 AM
flag provided but not defined: -verbose
osqueryd[99410]: Usage of /opt/osquery/plugins/logger/threat_logger.ext:
osqueryd[99410]: -interval int
osqueryd[99410]: -socket string
osqueryd[99410]: path to osqueryd extensions socket
osqueryd[99410]: -timeout int
What I've done:
1. Loaded logger_plugin via extensions.load file
/opt/osquery/plugins/logger/threat_logger.ext
2. Enabled it via logger_plugin flag:
--logger_plugin=/opt/osquery/plugins/logger/threat_logger.ext
seph
-verbose and those need to be updated.
slevchenko
09/27/2022, 1:55 PM
seph
slevchenko
09/27/2022, 1:57 PM
seph
slevchenko
09/27/2022, 1:58 PM
osquery.flags file
seph
verbose set, then it passes it to the extensions and those examples lack it?
I’d suggest filing an issue in osquery-go, or just sending in a PR. Assuming it’s reasonable, I’d approve it
slevchenko
09/27/2022, 1:59 PM
filesystem logger plugin, I don't know what it's called in reality, or if it even exists as an option
seph
slevchenko
09/27/2022, 2:01 PM
"logger_plugin": "threat_logger,filesystem"
seph
slevchenko
09/27/2022, 2:02 PM
zwass
slevchenko
09/27/2022, 3:08 PM
filesystem or default or something else
seph
filesystem and confirms you can have multiple
slevchenko
09/27/2022, 3:15 PM