https://github.com/osquery/osquery logo
Join Slack
Powered by
Hello, trying to get query results logging however...
# kolide
s
Hello, trying to get query results logging however not having any luck. The status.log is updating, but nothing seems be to be going to result.log.
Copy code
[Unit]
Description=Kolide Fleet
After=network.target

[Service]
LimitNOFILE=8192
ExecStart=/usr/bin/fleet serve \
  --mysql_address=127.0.0.1:3306 \
  --mysql_database=xxxxxx \
  --mysql_username=xxxxxx\
  --mysql_password=xxxxxxxxx \
  --redis_address=127.0.0.1:6379 \
  --server_cert=/opt/fleet/certificates/server.cert \
  --server_key=/opt/fleet/certificates/server.key \
  --logging_json=true \
  --auth_jwt_key=xxxxxxxxxx \
  --filesystem_status_log_file=/var/log/osquery/status.log \
  --filesystem_result_log_file=/var/log/osquery/result.log

[Install]
WantedBy=multi-user.target
and ``` apiVersion: v1 kind: options spec: config: decorators: load: - SELECT uuid AS host_uuid FROM system_info; - SELECT hostname AS hostname FROM system_info; options: disable_distributed: false disable_events: false disable_logging: false distributed_interval: 10 distributed_plugin: tls distributed_tls_max_attempts: 3 distributed_tls_read_endpoint: /api/v1/osquery/distributed/read distributed_tls_write_endpoint: /api/v1/osquery/distributed/write logger_event_type: true logger_plugin: tls logger_tls_endpoint: /api/v1/osquery/log logger_tls_period: 10 pack_delimiter: / verbose: true overrides: {} ```are my configs so far, pretty out of the box at the moment.
o
did you make sure that the scheduled query is running and has more than 0 hosts assigned to it?
1
3 Views
Open in Slack
PreviousNext
Powered by