Title
#general
clippy

clippy

05/22/2018, 8:52 PM
hey @allan that's generally a no. Not sure what your setup is, but I believe the default config logs to /var/log/osquery
a

allan

05/23/2018, 12:25 AM
I tried just installing the latest deb from the osquery apt repo (for xenial). Went with a super vanilla config (just setting the
logger_path
and watchdog configs.
osqueryd
logged to both path set in my config as well as
/tmp
🤷
clippy

clippy

05/23/2018, 12:31 AM
hmmm what version you on?
12:31 AM
is it a 3+?
a

allan

05/23/2018, 3:55 AM
nope
3:55 AM
2.11.2
clippy

clippy

05/23/2018, 5:03 PM
not sure what you've got set up, but I've got 2.11.2 running on 1000+ machines, that don't log to /tmp =/
a

allan

05/23/2018, 8:26 PM
Interesting. You can validate that your
/tmp
directory is absent of log lines like this
osqueryd.some_host.invalid-user.log.INFO.20180522-120025.166251
?
clippy

clippy

05/23/2018, 8:31 PM
sadly I can't do it on those hosts, I'm not cool enough to get access
8:32 PM
but interestingly, i have a local test box that does have it in tmp as well as sending to TLS endpoint
8:32 PM
so you're not totally crazy 🙂