<@U0JT049S4> is there every a way to capture logs ...
# windowsg
groob
07/24/2018, 11:57 PM
@thor is there every a way to capture logs that osquery sends to stderr in the filesystem logger?
t
thor
07/25/2018, 4:03 PM
No š This is something that could definitely use a fix, as there isn't a good way to get logging information when osquery is running as a system service before the logger plugins are initiated š
b
Bit_by_bit
07/26/2018, 5:58 PMJust throwing ideas here: Can we not have a command line sort of thing going on in the osquery shell so as to print information to a file rather than to stdout? (eg: select * from processes; > <filename>)
I am not sure if this sort of a thing would be possible in osqueryd as that would be a background process...
Bit_by_bit
07/26/2018, 5:59 PM@groob I think if you can find a line in the code where osquery is sending stuff to stderr, you can change the file pointer to point to a different file to send information there right?
g
groob
07/26/2018, 6:00 PM
Iād like not to distribute a version of osquery which was built by me, using the one provided by FB has some nice guarantees š
groob
07/26/2018, 6:01 PM
but def plan on filing an issue and potentially a PR
2 Views