# general
Hello. Curious what happens in this scenario with latest osquery:
• osquery running loaded schedule of queries and forwarding events to AWS Kinesis
• Network connection on endpoint is severed (e.g. wifi goes out)
• osquery continues executing schedule of queries
• Some time later network connection is restored
Short of digging through code to find the answer, can anyone tell me the expected behavior in that scenario in 5.2.2? I see logs written to osquery.results.log for the time of disconnection. Am I to expect the logs during inability to resolve the Kinesis endpoint to be transmitted at a later time? What about across a restart of osquery during the outage? Thanks in advance for any info or direction to Docs links on the subject.
Kinesis plugin will buffer logs in the local RocksDB database until they are successfully sent to Kinesis (until
is exceeded, then the oldest logs will start getting dropped).
Thanks for the input @zwass. Is there a way to observe that backup of logs? Are they retained across a restart event?