Hi <@U4MF4P00M>, I am not able to log results to ...
# general
s
Hi @Guillaume, I am not able to log results to osqueryd.results.log with osquery on Windows 10.

Steps which I have followed:

1. My osquery.conf file:

```
{
  "options": {
    "logger_snapshot_event_type": "true",
    "schedule_splay_percent": 10
  },
  "platform": "windows",
  "schedule": {
    "cpu_info": {
      "query": "select * from cpu_info;",
      "interval": 1,
      "platform": "windows",
      "version": "3.3.2",
      "description": "General cpu_information "
    }
  },
  "packs": {
    // "performance-metrics": "packs/performance-metrics.conf",
    //"security-tooling-checks": "packs/security-tooling-checks.conf",
    // "unwanted-chrome-extensions": "packs/unwanted-chrome-extensions.conf",
    // "windows-application-security": "packs/windows-application-security.conf",
    // "windows-compliance": "packs/windows-compliance.conf",
    // "windows-registry-monitoring": "packs/windows-registry-monitoring.conf",
    // "windows-attacks": "packs/windows-attacks.conf"
  }
}
```

2. Run in PowerShell (admin):

```
PS C:\Program Files\osquery\osqueryd> .\osqueryd.exe
E0828 160845.261500 19992 processes.cpp:312] Failed to lookup path information for process 4
E0828 160845.261500 19992 processes.cpp:332] Failed to get cwd for 4 with 31
E0828 160845.261500 19992 processes.cpp:312] Failed to lookup path information for process 96
E0828 160845.261500 19992 processes.cpp:332] Failed to get cwd for 96 with 31
E0828 160845.261500 19992 processes.cpp:312] Failed to lookup path information for process 2100
E0828 160845.261500 19992 processes.cpp:332] Failed to get cwd for 2100 with 31
I0828 160847.488893 17424 database.cpp:570] Checking database version for migration
E0828 160847.582640 17424 init.cpp:594] Cannot activate filesystem logger plugin: Could not create file: \ProgramData\osquery\log\osqueryd.results.log
```

Please guide me with the steps; what am I doing wrong? Thank you so much.
g
Hi! Check out this thread - also, please don't cross-post in DM + multiple channels... most of us are happy to help out but are not always available, so it's better to keep it in a single public channel. Seems like a permission issue of some kind - does the file exist already? Is the service stopped (you can't run it twice)?
And what version are you running? Installed from MSI or Choco?
s
I have installed version 3.3.2 with the MSI on Windows.
p
@Sparta hi, I met the same problem and don't know how to solve it. Had you solved it?
e
Hi @Guillaume, was there a link to a different thread you intended to include here?