Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
a
Artem
03/22/2021, 5:13 PMHello! Could you tell me please, is it possible to log the actual time of arrival of the event from the osquery client (not the query time) in Fleet status and result logs?
We analyze different cases of receiving events for VPN users, it would be very useful for further debugging.
If there is no such functionality, can I put a ticket to the github for its implementation?
n
Noah Talerman
03/22/2021, 8:01 PMthe actual time of arrivalHi @Artem. Do you mean the time the Fleet server receives the data from the osquery client?
a
Artem
03/23/2021, 6:39 AM@Noah Talerman hello! Yes, exactly.
n
Noah Talerman
03/23/2021, 9:10 PMIt’s not possible to log the actual time of arrival of the event from the osquery client in Fleet.
One potential workaround is to look into the “Created at” information supplied by your log destination. However, this requires that you’re sending your osquery logs to a destination that has a “Created at” column.
Please feel free to file an issue on GitHub! The Fleet team would like to better understand the issue you’re trying to solve.
a
Artem
03/31/2021, 8:21 AM@Noah Talerman okay, thank you! Sorry for long delay with answer :(
n
Noah Talerman
03/31/2021, 5:40 PMNo worries!