Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

how can i update the status_log_file and result_log_file . i want them to be save in `/etc/log/` instead of `/tmp`

Personally, I have fleet running with systemd on my Linux box. Therefore I have fleet serve pointing to a yaml configuration file which contains the lines:
`osquery:
    status_log_file: /var/log/osquery/status.log
    result_log_file: /var/log/osquery/result.log
    enable_log_rotation: true`

Slack squished it a tad there.
Anyways, if you're doing something similar you could update that and restart fleet using systemctl

those paths are configurable via the config file, CLI flags, or environment variables

so however you’re configuring `fleet serve` you should be able to override them