Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
k
Kenny Stevens
03/06/2019, 6:54 PMHello, I’m looking to ship the kolide-fleet logs from the filesystem using Fluent and into my ES cluster. Does kolide have that capability to use Fluent to ship logs off?
z
zwass
03/06/2019, 6:55 PMFleet doesn't have any log-shipping built in. Typically you would use fluentd to ship logs of the Fleet server filesystem(s).
k
Kenny Stevens
03/06/2019, 6:56 PMAnd I would assume it’s the same with OSQuery if I’d like to use Fluent?
n
nyanshak
03/06/2019, 6:57 PMYup, that sounds about right. If you're logging to filesystem, I think it's assumed that you'll configure something to ship it separately.
There are logging plugins for things like Kinesis, and you could write your own... though I'd recommend just configuring fluent instead of writing a plugin for that specifically
k
Kenny Stevens
03/06/2019, 6:59 PMAhh. Okay! Thank you!
z
zwass
03/06/2019, 7:02 PMIf it's easy enough for you to get fluentd on all your osquery nodes, you might as well log to the filesystems and ship from there. Sometimes it can be easier to just run the log forwarder on the Fleet server and let Fleet aggregate the logs on its own filesystem.
k
Kenny Stevens
03/06/2019, 7:15 PMOhh! I see. Thank you!