https://github.com/osquery/osquery logo
Powered by
#general
Title
# general
g

Grant

09/16/2020, 5:05 PM
hello, is there a flag to only enable status logging to file system without getting the results logging
t

theopolis

09/16/2020, 5:14 PM
I think there’s a complex way to do this. In your use case you want results logs to go one place and status logs to go someplace else?
The way to do this is by enabling two logger plugins then there is a specific flag to not send results to the second logger IIRC.
g

Grant

09/16/2020, 6:41 PM
i am using an extension to get the log results, so no need to also write it to the files system, however, i want to keep osqueryd status logs
t

theopolis

09/16/2020, 7:00 PM
We used to have a 
--logger_secondary_status_only
which would do what you want. It looks like that feature was lost in the past due to lack of strong use cases for it.
So right now there is no way to do what you want, from my understanding. Sorry about that.
g

Grant

09/16/2020, 7:45 PM
np, thank you for the clarification
2 Views
Powered by