Frank Fenn

08/18/2021, 8:08 PM
Hello, I have a logger extension which I want to extend to receive status messages to filter out specific messages related to running queries. I’ve enabled --verbose but set --logger_stderr=false. I get all the scheduler messages now in my logger plugin and can filter out the message I need (for example: Executing scheduled query running_processes_osx_events) but they are still logged to stderr with the message prefix I0818. Is there a way to get all --verbose messages sent through a logger plugin and NOT log the same thing to stderr? We are using osquery 4.9.0 on macOS.

Mike Myers

08/20/2021, 7:22 PM
I haven't tried this, but, perhaps setting
would work. That's supposedly how you control
which is what osquery is using to log.