Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
z
zwass
06/12/2018, 1:33 PM@nNipsx regular osqueryd can get scheduled query packs from Fleet. Is that what you were asking?
n
nNipsx
06/12/2018, 1:34 PMyes
Now I'm trying to do this
but cant do this
z
zwass
06/12/2018, 1:36 PMAre you getting an error?
n
nNipsx
06/12/2018, 1:37 PMNo
i'm setup all config for Packs
but dont recive any result from osquery
z
zwass
06/12/2018, 1:38 PMDo you have the pack targeted to any hosts?
n
nNipsx
06/12/2018, 1:38 PMyes
can you remote my machine and check it again ?
i have some lab in my PC
z
zwass
06/12/2018, 1:39 PMNo, but I can help you continue debugging
n
nNipsx
06/12/2018, 1:39 PMmy Version of Kolide fleet is 1.0.6
and Osquery is 2.11.0
z
zwass
06/12/2018, 1:40 PMPlease upgrade fleet to 1.0.8 and try again
n
nNipsx
06/12/2018, 1:40 PMit's okay for schedule query
can you send me fleet 1.0.8
z
zwass
06/12/2018, 1:40 PMWhat do you mean it's okay for schedule query?
n
nNipsx
06/12/2018, 1:40 PMi'm just find 1.0.7
z
zwass
06/12/2018, 1:40 PMn
nNipsx
06/12/2018, 1:42 PMoh thanks let me try this and keep contact with you in this post 😄
Hi, can you give me some example for create and get results log with schedule Packs ?
z
zwass
06/12/2018, 2:47 PMThe results go to
/tmp/osquery_resultThis is configurable with
--osquery_result_log_filen
nNipsx
06/12/2018, 2:48 PMI'm set log file is /var/log/kolide/osquery_result
and can you give me some example about create query simple and get log from schedule
z
zwass
06/12/2018, 2:49 PMTry adding a query like
select * from timen
nNipsx
06/12/2018, 2:55 PMand what about shard
z
zwass
06/12/2018, 5:58 PMTypically you would leave shard empty
n
nNipsx
06/12/2018, 6:18 PMThanks for your support
i'm running success in Linux
but let me try with Windows
And now my system running is 106 kolide
So i want upgrade this version to 108
How to do that
n
nNipsx
06/13/2018, 3:50 PMthanks