Is there any parameter i m missing to control max size of th

Question

Is there any parameter i m missing to control max size of the results log Or some sort of log rotation Mac OS

Jamie Windley · Answer

And what user the log is created as or what permissions

zwass · Answer

It s up to you as an admin to handle log shipping rotation

Jamie Windley · Answer

Ok thank you

zwass · Answer

I believe the logfile will be created as the user that is running osquery with read write permissions for that user

Jamie Windley · Answer

zwass do you know of any config setting to at least set the group of the file that is created

Jamie Windley · Answer

I have to run osqueryd as a service reading from hardware events thus I think it has to be run as root

Jamie Windley · Answer

But I need non root user to read the resulting log file