Title
#general
Mystery Incorporated

Mystery Incorporated

11/16/2020, 4:23 AM
How are other people handling the log size?
sundsta

sundsta

11/16/2020, 4:04 PM
We ship the logs off the system to a centralized logging platform. You want to do this for many reasons, but to start: Manually inspecting the logs on each host is a headache and if the box is compromised, the attacker can just delete the logs and you’ve lost all your data to use in forensics.
Mystery Incorporated

Mystery Incorporated

12/05/2020, 12:04 PM
Yah I'm using filebeat to ship the log off but how are you reducing the size of the osquery log?