#general

WinMordekaiser

01/20/2021, 10:26 AM
Hey everyone! I start osquery with --logger_plugin=kafka_producer,filesystem to store INFO\WARN\ERR logs on local disk. Is there any way to limit the osqueryd.results.log file size? I only want to send osqueryd.results.log to Kafka.
Dan Achin

01/20/2021, 6:42 PM
I wasn't able to figure out a way to limit the size of the logs on the filesystem, other than to tweak the log level, though that only affects the INFO\WARN\ERR logs. https://osquery.readthedocs.io/en/stable/installation/cli-flags/#loggingresults-flags What we decided to do is to just use the TLS logger plugin and bypass local logs, and just post over TLS to Fleet, then to Splunk. If you weren't concerned with local status logs, then you could do something similar. With TLS, the local results are buffered to RocksDB, and we haven't seen that grow very large at all, as they are shipped off to Fleet quickly. The size of my local DB on my Mac, for example, is 6 MB.