Hi, not sure if this is the best place to ask, maybe someone knows: I’m using fleet to make queries and receive the results, however, regardless how I configure the logging plugin in fleet, it is not writing my live queries results to the file system, is this expected?

This seems related to a problem I have, have you tried restarting the osquery host after pushing the plugin configuration?

the hosts have osquery configuration manually, I’m saying queries results are forwarded to fleet (I can see the results in the web GUI) but not on the filesystem, and in the osquery host they are written to filesystem

Generally the #kolide channel is the best place to ask about the kolide open source software

facepalm thanks @zwass