Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
s
sonja
08/23/2017, 9:24 AMdear all,
is it possible to split up the output of osqueryd.results.log into several logs, like osqueryd.apache.access.log and osqueryd.apache.error.log?
Any hints? 🙂
g
groob
08/23/2017, 10:01 AM@sonja you have to do some post-processing on your own. logstash or your own code for that.
s
sonja
08/23/2017, 10:14 AMOk thank you!
g
groob
08/23/2017, 10:33 AMI do this with the help of a TLS server that receives everything from the result log then sends the data to various workers depending on the log type/source
s
sonja
08/23/2017, 12:17 PMthanks!
i plan to use fluentd to send the logs to kafka-topics, but osquery writes everything to the one file, so i finally have to configure fluentd to send some data to one topic and the other logs to other topics.
Hope that works 🙏