Well… What’s in the log?
# kolides
seph
06/19/2020, 5:57 PM
Well… What’s in the log?
t
Tim
06/19/2020, 7:44 PM@seph it looks like stuff thats used by kolide to fill in the host info on the card, like host_uuid, time, osquery version and stuff like that. It's just in there repeatedly, looks to save more every time the host checks in
s
seph
06/19/2020, 7:45 PM
I’m not sure I understand.
You’re saying this is a results log, and that it has a lot of decorators in it?
seph
06/19/2020, 7:45 PM
Is this ultimately your local configuration?
t
Tim
06/19/2020, 7:46 PMits not the results log. its the osquery-output.log, not sure if thats what the results go on MAC but there are no scheduled queries configured
s
seph
06/19/2020, 7:46 PM
Can you send a snippet? I’m not sure why those things would be logged there
t
Tim
06/19/2020, 7:47 PMand no, it's deployed across my environment and a user reported this to me while cleaning up their workstation
s
seph
06/19/2020, 7:48 PM
Without seeing a log, I’m not really sure what you’re referring to. But this might be fleet specific, and I don’t do much with fleet
seph
06/19/2020, 9:23 PM
For future readers — I’ve been chatting with Tim in DMs. I don’t think this is a Kolide related. The mac package he’s using sets osquery in verbose mode, and does not have log rotation.