jsanchez 03/26/2021, 5:12 PM
for both result.log and status.log. I was using the old environment variables from Kolide, but I recently changed them to match what is shown in the Fleetdm 3.9 docs since I recently upgraded to that version.
Noah Talerman 03/26/2021, 5:41 PM
jsanchez 03/26/2021, 5:42 PM
FLEET_LOGGING_JSON: "true"
FLEET_FILESYSTEM_ENABLE_LOG_ROTATION: "true"
FLEET_FILESYSTEM_STATUS_LOG_FILE: /var/log/osquery/status.log
FLEET_FILESYSTEM_RESULT_LOG_FILE: /var/log/osquery/result.log
FLEET_OSQUERY_STATUS_LOG_PLUGIN: filesystem
FLEET_OSQUERY_RESULT_LOG_PLUGIN: filesystem
zwass 03/26/2021, 6:25 PM
jsanchez 03/26/2021, 6:51 PM
I have checked the configuration by using
everything is configured correctly. I have made a query pack that runs every 1hr checking for my user name, which does provide results, and I have chosen snapshot for the type of logging in the query pack. The log path is still empty at this point.
zwass 03/26/2021, 7:07 PM
jsanchez 03/26/2021, 8:42 PM
Noah Talerman 03/26/2021, 9:52 PM
zwass 03/27/2021, 12:39 AM
Noah Talerman 03/30/2021, 3:20 PM
jsanchez 03/30/2021, 6:06 PM
but since both status.log and result.log were configured to be placed there, I was not able to see the issue until I changed the permissions on that directory. The file was created as root and had no other permissions set for other users. I changed the permissions to allow r/w for our fleet user that runs