Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
t
theopolis
02/27/2020, 2:48 PMThere was a request for that a while back (to have it be INFO), I think from doorman to log the queries being run on someone’s host so they could personally audit it
s
Stefano Bonicatti
02/27/2020, 2:51 PMAh oups, maybe worth to put a comment + flag to choose the behavior?
s
seph
02/27/2020, 3:15 PMI’m kinda against more config flags. I’d rather say noisy logs, like query execution, go to verbose and status logs. If you want that info, read the verbose logs.
I would consider creating another log level/facility for query execution. But I think it’s a narrow case I’m kinda against it.
I’m pretty sure we don’t log distributed read executions to INFO. So it seems harmfully incomplete
t
theopolis
02/27/2020, 9:57 PMMakes sense