Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
g
groob
07/24/2018, 11:57 PM@thor is there every a way to capture logs that osquery sends to stderr in the filesystem logger?
t
thor
07/25/2018, 4:03 PMNo š This is something that could definitely use a fix, as there isn't a good way to get logging information when osquery is running as a system service before the logger plugins are initiated š
b
Bit_by_bit
07/26/2018, 5:58 PMJust throwing ideas here: Can we not have a command line sort of thing going on in the osquery shell so as to print information to a file rather than to stdout? (eg: select * from processes; > <filename>)
I am not sure if this sort of a thing would be possible in osqueryd as that would be a background process...
@groob I think if you can find a line in the code where osquery is sending stuff to stderr, you can change the file pointer to point to a different file to send information there right?
g
groob
07/26/2018, 6:00 PMIād like not to distribute a version of osquery which was built by me, using the one provided by FB has some nice guarantees š
but def plan on filing an issue and potentially a PR