#general

fr1day

11/30/2018, 8:02 AM
https://github.com/facebook/osquery/issues/5310 Has anyone encountered this question?

julient

11/30/2018, 2:59 PM
not at this level. on my side, sysadmin feedback-annoyance is more to the many log files in /tmp. for osquery.db, I want to ask what interval are using for events collection? osquery.db is a buffer so lower interval should help reduce it as far as I understand

fr1day

12/03/2018, 3:01 AM
For osquery's log, I hand out
verbose:false
and
logger_plugin:kafka
instead of
verbose:true
and
logger_plugin:kafka,filesystem
in the online environment, so it will not generate many logs on disk. And my schedule time for events tables is 1 minute. I think it's low enough. Osquery didn't count older logs, and so can't remove them sometimes.