Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

hello, is there a flag to only enable status logging to file system without getting the results logging

I think there’s a complex way to do this. In your use case you want results logs to go one place and status logs to go someplace else?

The way to do this is by enabling two logger plugins then there is a specific flag to not send results to the second logger IIRC.

i am using an extension to get the log results, so no need to also write it to the files system, however, i want to keep osqueryd status logs

We used to have a `--logger_secondary_status_only` which would do what you want. It looks like that feature was lost in the past due to lack of strong use cases for it.

So right now there is no way to do what you want, from my understanding. Sorry about that.