dear all, is it possible to split up the output of osqueryd.results.log into several logs, like osqueryd.apache.access.log and osqueryd.apache.error.log? Any hints? 🙂

@sonja you have to do some post-processing on your own. logstash or your own code for that.

Ok thank you!

I do this with the help of a TLS server that receives everything from the result log then sends the data to various workers depending on the log type/source

thanks! i plan to use fluentd to send the logs to kafka-topics, but osquery writes everything to the one file, so i finally have to configure fluentd to send some data to one topic and the other logs to other topics. Hope that works 🙏