Channels
  • a

    Artem

    1 year ago
    Hello everyone! Please tell me how osquery saves the results of queries when there is no access to the tls server (fleet)? I did not find detailed information on this matter. Example, osquery is installed on client laptops that connect to corporate vpn. Fleet is available only from vpn, it is not directly accessible from the Internet. Having connected for the first time, the user polls the fleet server and receives a scheduled task from it to execute a specific request (let it be once every 5 minutes). Then the user disconnects from the vpn for several hours, but at the same time continues to work on the laptop, after which he reconnects to the vpn. Will query results be saved locally for the time interval when the user is not connected to the vpn? If so, is there any way to limit the size of this cache? In order not to receive a surge in traffic and data when a user connects to vpn after a long absence.
  • zwass

    zwass

    1 year ago
    Yes, results are buffered locally. You can configure this with
    --buffered_log_max
    .