hello is there a flag to only enable status logging to file

Question

hello is there a flag to only enable status logging to file system without getting the results logging

theopolis · Answer

I think there s a complex way to do this In your use case you want results logs to go one place and status logs to go someplace else

theopolis · Answer

The way to do this is by enabling two logger plugins then there is a specific flag to not send results to the second logger IIRC

Grant · Answer

i am using an extension to get the log results so no need to also write it to the files system however i want to keep osqueryd status logs

theopolis · Answer

We used to have a ` logger secondary status only` which would do what you want It looks like that feature was lost in the past due to lack of strong use cases for it

theopolis · Answer

So right now there is no way to do what you want from my understanding Sorry about that

Grant · Answer

np thank you for the clarification