For working with osquery logs -- I see the

filesystem

plugin in Fleet writes to a local file. Can I set it to write to syslog instead? I am planning on deploying on K8s, so I'm not sure if it would be easy to set up a log forwarder within the Fleet container

Syslog is not supported but probably wouldn't be too hard to add. Here are the docs on the available methods: https://github.com/kolide/fleet/blob/master/docs/infrastructure/working-with-osquery-logs.md

Thanks @zwass . Yep I looked at that. We use rsyslog and maybe I could just modify the docker image to instrument forwarding from the file to Kafka