hi all
We have osqueryd.snapshots.log file is very...
# generalv
vladiya
06/19/2019, 5:42 PMhi all
We have osqueryd.snapshots.log file is very large on certain servers. about 1GB. What would be the reason for that behaviour?
z
zwass
06/19/2019, 5:43 PM
That log is where the results of "snapshot" queries go. You need to implement some sort of system to consume those logs and rotate/truncate/delete the log files. If you aren't using the results, perhaps look at reducing the interval on those queries or unscheduling them so that you don't fill up the log file.
v
vladiya
06/19/2019, 5:58 PMThanks for reply.
In my case we use the tls for transport to kolide server. is that means that kolide\fleet doesn't succeed to handle all the logs. Is it possible to define max size or data retention?
z
zwass
06/19/2019, 5:59 PM
This means that your logs are going to the local filesystem. Either the logs are not going to the Fleet server or it is configured to go to both.
v
vladiya
06/19/2019, 6:01 PMthat is weird...tomorrow i'll recheck the all the configs
thanks!