• p

    Prakash Choudhary

    1 year ago
    @here I am new to osquery and would like to clarify a few questions. 1) If there is no change in the table, will the scheduled interval query result not be added to the log file? 2) Is there a way to configure it to output each query into a new output file?
  • p

    Prateek Kumar Nischal

    1 year ago
    For regular queries, only new / different rows are written to the log stream. To make the output write every time, you need to make the scheduled query snapshot type. Then they will be written into the osqueryd.snapshot.log file.
  • p

    Prakash Choudhary

    1 year ago
    @Prateek Kumar Nischal please also suggest on the 2nd point
  • p

    Prateek Kumar Nischal

    1 year ago
    New output file, for that you will need to write your own logging plugin. At the time AFAIK, there isn't much control (intentionally) on the logger.
  • p

    Prakash Choudhary

    1 year ago
    @Prateek Kumar Nischal ok thanks
  • spookerlabs

    spookerlabs

    1 year ago
    I like this post a lot explaining how it works https://blog.kolide.com/osquery-under-the-hood-c1a8df46bb7a
  • p

    Prakash Choudhary

    1 year ago
    thanks @spookerlabs nice article