#general
Jamie Windley
05/14/2019, 7:49 PM
Is there any parameter I'm missing to control max size of the results.log? Or some sort of log rotation (Mac OS)?
And, what user the log is created as or what permissions?
zwass
05/14/2019, 7:50 PM
It's up to you as an admin to handle log shipping/rotation.
Jamie Windley
05/14/2019, 7:50 PM
Ok, thank you
zwass
05/14/2019, 7:52 PM
I believe the logfile will be created as the user that is running osquery, with read/write permissions for that user.
Jamie Windley
05/15/2019, 2:56 PM
zwass - do you know of any config setting to at least set the group of the file that is created?
I have to run osqueryd as a service, reading from hardware_events, thus I think it has to be run as root.
But I need a non-root user to read the resulting log file.