Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Hi , I know that Kolide server can log the results osquery agents in a central log file. May I know where I can I see those logs? My osquery_result  is empty

Check this out! <https://github.com/kolide/fleet/blob/master/docs/infrastructure/working-with-osquery-logs.md>
Basically, default is `/tmp/osquery_result` or you can set it to log whereever you want.
if you don't see results there you have something wrong with the config

Also, check to see if you have anything scheduled to run :slightly_smiling_face:

I think I've loaded packs in the past, but not enabled them and that's why I was not getting results...

can you kindly let me know which config file I should check ?

the config file may or may not be used. it's just the config that's used to startup fleet. <https://github.com/kolide/fleet/blob/master/docs/infrastructure/configuring-the-fleet-binary.md>

can you verify that its running? run something like `ps aux | grep fleet`

I did the same way .. I passed --osquery_result_log_file flag while staring fleet

someone from kolide may have to verify this, but I don't think adhoc queries get logged to the results file

you could save a query, create a new pack, enable it and add a host to check this

I just created a sample pack and it is in enabled state

take a look at this: <https://github.com/kolide/fleet/blob/master/docs/dashboard/scheduling-queries.md>

before that I see some results in osquery_status

I guess its coming from the default osqueryd query which I have removed