hey <@U3FSRJ3EX> that's generally a no. Not sure ...
# generalc
clippy
05/22/2018, 8:52 PMhey @allan that's generally a no. Not sure what your setup is, but I believe the default config logs to /var/log/osquery
a
allan
05/23/2018, 12:25 AMI tried just installing the latest deb from the osquery apt repo (for xenial). Went with a super vanilla config (just setting the
logger_pathosqueryd/tmpc
clippy
05/23/2018, 12:31 AMhmmm what version you on?
clippy
05/23/2018, 12:31 AMis it a 3+?
a
allan
05/23/2018, 3:55 AMnope
allan
05/23/2018, 3:55 AM2.11.2
c
clippy
05/23/2018, 5:03 PMnot sure what you've got set up, but I've got 2.11.2 running on 1000+ machines, that don't log to /tmp =/
a
allan
05/23/2018, 8:26 PMInteresting. You can validate that your
/tmposqueryd.some_host.invalid-user.log.INFO.20180522-120025.166251c
clippy
05/23/2018, 8:31 PMsadly I can't do it on those hosts, I'm not cool enough to get access
clippy
05/23/2018, 8:32 PMbut interestingly, i have a local test box that does have it in tmp as well as sending to TLS endpoint
clippy
05/23/2018, 8:32 PMso you're not totally crazy 🙂
3 Views