@here I am new to osquery like to clarify few ques...
# generalp
Prakash Choudhary
03/26/2021, 3:54 AM@here I am new to osquery like to clarify few questions.
1) if there is no change in the table the schedule interval query result will not be added to log file ?
2) is there a way to configure to output each query into a new output file
p
Prateek Kumar Nischal
03/26/2021, 8:29 AMFor regular queries, only new / different rows are written to the log stream.
To make the output write everytime, you need to make the schedule query
snapshotp
Prakash Choudhary
03/26/2021, 10:35 AM@Prateek Kumar Nischal please also suggest on the 2 point
p
Prateek Kumar Nischal
03/26/2021, 10:38 AMNew output file, for that you will need to write your own logging plugin. At the time AFAIK, there isn't much control (intentionally) on the logger..
p
Prakash Choudhary
03/26/2021, 11:12 AM@Prateek Kumar Nischal ok thanks
s
spookerlabs
03/26/2021, 12:36 PMI like this post a lot explaining how it works https://blog.kolide.com/osquery-under-the-hood-c1a8df46bb7a
p
Prakash Choudhary
03/26/2021, 1:19 PMthanks @spookerlabs nice article
👍 1
4 Views