Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
s
stefanmaerz
03/02/2018, 4:35 PMI'll also add that /var/log/osquery/result.log is world read writable and selinux is disabled (rhel7)
z
zwass
03/02/2018, 4:45 PMOn the Fleet server, right?
🍻 1
s
stefanmaerz
03/02/2018, 4:48 PMthat was my problem. I thought the logs were stored locally on the client
thanks!
z
zwass
03/02/2018, 4:49 PMSweet, glad you worked it out! You can of course configure logs to be stored on the local machine, but part of the advantage of Fleet is that it aggregates the logs onto a single machine for you.
👍 1
s
stefanmaerz
03/02/2018, 4:54 PMI actually much prefer them on the fleet server. Makes my deployment much easier since I don't have to worry about collecting logs from 4000 endpoints
z
zwass
03/02/2018, 5:06 PMWe totally agree 🙂