Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
p
Prakash Choudhary
03/26/2021, 3:54 AM@here I am new to osquery like to clarify few questions.
1) if there is no change in the table the schedule interval query result will not be added to log file ?
2) is there a way to configure to output each query into a new output file
p
Prateek Kumar Nischal
03/26/2021, 8:29 AMFor regular queries, only new / different rows are written to the log stream.
To make the output write everytime, you need to make the schedule query
snapshotp
Prakash Choudhary
03/26/2021, 10:35 AM@Prateek Kumar Nischal please also suggest on the 2 point
p
Prateek Kumar Nischal
03/26/2021, 10:38 AMNew output file, for that you will need to write your own logging plugin. At the time AFAIK, there isn't much control (intentionally) on the logger..
p
Prakash Choudhary
03/26/2021, 11:12 AM@Prateek Kumar Nischal ok thanks
s
spookerlabs
03/26/2021, 12:36 PMI like this post a lot explaining how it works https://blog.kolide.com/osquery-under-the-hood-c1a8df46bb7a
p
Prakash Choudhary
03/26/2021, 1:19 PMthanks @spookerlabs nice article
👍 1