hey that s generally a no Not sure what your setup

Question

hey < allan> that s generally a no Not sure what your setup is but I believe the default config logs to var log osquery

allan · Answer

I tried just installing the latest deb from the osquery apt repo for xenial Went with a super vanilla config just setting the `logger path` and watchdog configs `osqueryd` logged to both path set in my config as well as ` tmp` shrug

clippy · Answer

hmmm what version you on

clippy · Answer

is it a 3+

allan · Answer

nope

allan · Answer

2 11 2

clippy · Answer

not sure what you ve got set up but I ve got 2 11 2 running on 1000+ machines that don t log to tmp =

allan · Answer

Interesting You can validate that your ` tmp` directory is absent of log lines like this `osqueryd some host invalid user log INFO 20180522 120025 166251`

clippy · Answer

sadly I can t do it on those hosts I m not cool enough to get access

clippy · Answer

but interestingly i have a local test box that does have it in tmp as well as sending to TLS endpoint

clippy · Answer

so you re not totally crazy slightly smiling face