Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

image.png

WUT??????? Those paths are obviously false and the agregating logs link just takes you to osquery doco. Where is fleet storing query results?

Please check

/tmp/osquery_result
/tmp/osquery_status

<@U024YPBKMC5> hi, thank you, that file exists but it is empty.

<@U024YPBKMC5> oh I see what happened here, randomly executed queries are not logged, only oines that are part of a query pack. Now I am seeing results in that file. Thank you