Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-22 16:39:01 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 121

Update query scheduling FAQ (#2144)

Browse source
This commit is contained in:
Zachary Wasserman 2019-11-12 08:55:46 -08:00 committed by GitHub
parent 0a87bbf496
commit 7cb45305b2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
docs/infrastructure/faq.md
View file

@ -25,7 +25,8 @@ Expecting results, but not seeing anything in the logs?
- Try scheduling a query that always returns results (eg. `SELECT * FROM time`).
- Check whether the query is scheduled in differential mode. If so, new results will only be logged when the result set changes.
- Ensure that the query is scheduled to run on the intended platforms, and that the tables queried are supported by those platforms.
- Look at the status logs provided by osquery. These are available on the filesystem of the Fleet server at the path configurable by [`--osquery_status_log_file`](./configuring-the-fleet-binary.md#osquery_status_log_file). This defaults to `/tmp/osquery_status`.
- Use live query to `SELECT * FROM osquery_schedule` to check whether the query has been scheduled on the host.
- Look at the status logs provided by osquery. In a standard configuration these are available on the filesystem of the Fleet server at the path configurable by [`--filesystem_status_log_file`](./configuring-the-fleet-binary.md#filesystem_status_log_file). This defaults to `/tmp/osquery_status`. The host will output a status log each time it executes the query.
## Why arent my live queries being logged?