when you run a query or pack from fleet should it be logged in the normal osquery log (e.g. C:\ProgramData\osquery\log\osquery.results.log (or snapshots)) - or just on the fleet server

This depends on how you configure osquery. The

filesystem

logger plugin in osquery will continue to write to the local filesystem. The

tls

plugin will write to Fleet. You can use both if you like.

thanks, and is that just specified in the manage additional osquery options config page by adding filesystem to the logger_plugin option?

Typically you would specify this in the config that Fleet sends down to osquery: https://github.com/kolide/fleet/blob/master/docs/cli/file-format.md#osquery-configuration-options

ah ok, so it's not possible to set logger_plugin here to

tls,filesystem