Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
s
soumitr
08/13/2019, 5:09 PMdo people generally use kolide fleet independently? are there any examples where kolide might be used to pipe osquery query results to a separate database for further processing?
z
zwass
08/13/2019, 5:10 PMIt's very common to push logs from Fleet to Splunk, ELK, or AWS.
s
soumitr
08/13/2019, 6:28 PMcould you please link me to some docs on how that kind of log forwarding could be set up?
z
zwass
08/13/2019, 7:10 PMFleet puts the logs on the filesystem of the server, then you can use any forwarding tool you like (fluentd, splunkd, logstash, etc.).
For AWS Firehose there is a built-in forwarder: https://github.com/kolide/fleet/blob/master/docs/infrastructure/configuring-the-fleet-binary.md#firehose
s
soumitr
08/13/2019, 8:43 PMthanks!!