Channels
#kolide
Title
# kolide
z
zwass
12/18/2018, 12:19 AM
What are the contents of /etc/osquery/osquery-local.conf?
k
Konstantin
12/18/2018, 4:17 AM Copy code
root@hq-o:/etc/osquery# cat osquery-local.conf
{
"schedule": {
"process_events": {
"query": "SELECT * FROM process_events;",
"interval": 10,
"snapshot" : false
}
},
"decorators": {
"load": [
"SELECT uuid AS host_uuid FROM system_info;",
"SELECT user AS username FROM logged_in_users ORDER BY time DESC LIMIT 1;"
]
}
}z
zwass
12/18/2018, 4:29 AM
It looks to me like Fleet is sending down a correct config, so I suspect this might be a bug in osquery. A couple things to check:
1) Does osquery with a local config work when you specify
--logger_plugin='syslog,filesystem'logger_pluginsyslog