is there every a way to capture logs that osquery se

Question

< thor> is there every a way to capture logs that osquery sends to stderr in the filesystem logger

thor · Answer

No confused This is something that could definitely use a fix as there isn t a good way to get logging information when osquery is running as a system service before the logger plugins are initiated disappointed

Bit_by_bit · Answer

Just throwing ideas here Can we not have a command line sort of thing going on in the osquery shell so as to print information to a file rather than to stdout eg select from processes gt lt filename gt I am not sure if this sort of a thing would be possible in osqueryd as that would be a background process

Bit_by_bit · Answer

< groob> I think if you can find a line in the code where osquery is sending stuff to stderr you can change the file pointer to point to a different file to send information there right

groob · Answer

I d like not to distribute a version of osquery which was built by me using the one provided by FB has some nice guarantees slightly smiling face

groob · Answer

but def plan on filing an issue and potentially a PR