Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
e
Ed
06/26/2019, 12:57 PMAm i right in thinking that Fleet itself doesn't pull back and store the results of scheduled queries and that if I want access to those results I'll need to ship them to some form of log aggregator?
j
jussiu
06/26/2019, 1:06 PMThe results of scheduled queries are stored in results.log
But usually people forward from there to a log aggregator.
e
Ed
06/26/2019, 1:07 PMOn the endpoint filesystem as opposed to the fleet server itself?
b
benbass
06/26/2019, 1:13 PMYou can have the logger be the local filesystem on the endpoints, or use a tls logger which will send the logs to your fleet instance.
Either way you need a way to ship the logs off of your fleet server or the end points.
e
Ed
06/26/2019, 1:15 PMThanks, when using the tls logger, whereabouts on the fleetserver are those logs stored?
e
Ed
06/26/2019, 2:22 PMThanks, I'd looked at that page before but clearly didn't read it properly.
b
benbass
06/26/2019, 2:36 PMNo problem - sometimes it is easier to read documentation when you already are familiar with the product
z
zwass
06/26/2019, 3:37 PMNote that Fleet can now log directly to AWS Firehose, and soon GCP PubSub.