Channels
#kolide
Title
e
Ed
06/26/2019, 12:57 PMAm i right in thinking that Fleet itself doesn't pull back and store the results of scheduled queries and that if I want access to those results I'll need to ship them to some form of log aggregator?
j
jussiu
06/26/2019, 1:06 PMThe results of scheduled queries are stored in results.log
But usually people forward from there to a log aggregator.
e
Ed
06/26/2019, 1:07 PMOn the endpoint filesystem as opposed to the fleet server itself?
b
benbass
06/26/2019, 1:13 PMYou can have the logger be the local filesystem on the endpoints, or use a tls logger which will send the logs to your fleet instance.
Either way you need a way to ship the logs off of your fleet server or the end points.
e
Ed
06/26/2019, 1:15 PMThanks, when using the tls logger, whereabouts on the fleetserver are those logs stored?
e
Ed
06/26/2019, 2:22 PMThanks, I'd looked at that page before but clearly didn't read it properly.
b
benbass
06/26/2019, 2:36 PMNo problem - sometimes it is easier to read documentation when you already are familiar with the product
z
zwass
06/26/2019, 3:37 PM
Note that Fleet can now log directly to AWS Firehose, and soon GCP PubSub.