Is there any parameter i'm missing to control max ...
# generalj
Jamie Windley
05/14/2019, 7:49 PMIs there any parameter i'm missing to control max size of the results.log? Or some sort of log rotation (Mac OS)
Jamie Windley
05/14/2019, 7:50 PMAnd, what user the log is created as or what permissions
z
zwass
05/14/2019, 7:50 PM
It's up to you as an admin to handle log shipping/rotation.
j
Jamie Windley
05/14/2019, 7:50 PMOk, thank you
z
zwass
05/14/2019, 7:52 PM
I believe the logfile will be created as the user that is running osquery, with read/write permissions for that user.
j
Jamie Windley
05/15/2019, 2:56 PMzwass - do you know of any config setting to at least set the group of the file that is created
Jamie Windley
05/15/2019, 2:57 PMI have to run osqueryd as a service, reading from hardware_events, thus I think it has to be run as root
Jamie Windley
05/15/2019, 2:57 PMBut I need non-root user to read the resulting log file
2 Views