Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Hey friends!
For scheduled query results logging, is there a way to specify a destination Kinesis stream in a different AWS account than the one in which Fleet is running? (i.e. Fleet is running in accountA. My Destination Kinesis stream is in accountB)

Hiya! You can send those logs to another account, just use the information for the destination you want to use for logging when <https://fleetdm.com/docs/deploying/configuration#kinesis|configuring the plugin>.

```            - name: FLEET_OSQUERY_RESULT_LOG_PLUGIN
              value: "firehose"
            - name: FLEET_FIREHOSE_REGION
              value: "us-west-2"
            - name: FLEET_FIREHOSE_RESULT_STREAM
              value: "p8t-osquery-stage-logs-es"```
This is what I've configured. There doesn't seem to be a way to specify that the RESULT_STREAM is in fact another account

Fleet keeps searching for the stream inside the same account :slightly_smiling_face: and fails ofcourse

tried changing the following
```FLEET_FIREHOSE_RESULT_STREAM
              value: &lt;ARN of the delivery stream in AccountB&gt;```
but that doesn't work because the entire value just gets appended like so
``` arn:aws:firehose:&lt;region&gt;:&lt;AccountA&gt;:deliverystream/&lt;ARN of the delivery stream in AccountB&gt;```


I'll just create the stream inside AccountA I guess and configure cross-account rules on my downstream destination instead ... but this cross-account Kinesis stream option would be nice to have for sure

Sorry for any confusion there. I saw `Kenesis`, so I assumed that was your log destination plugin. Let me dig in to firehose.

You can also set your `firehose_access_key_id` and `firehose​_secret​_access​_key`. The details for that are here:

<https://fleetdm.com/docs/deploying/configuration#firehose>

Hope that's a little more helpful for you. And that'll teach me not to assume :)