Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-24 01:18:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 59

Add information on datastore options in Fleet to FAQ. (#136)

Browse source
This commit is contained in:
noahtalerman 2020-12-16 16:20:38 -08:00 committed by GitHub
parent d4780770e0
commit e9a77cc64a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
docs/infrastructure/faq.md
View file

@ -26,6 +26,12 @@ Scheduled query results (queries that are scheduled to run in Packs) are typical
It is possible to configure osqueryd to log query results outside of Fleet. For results to go to Fleet, the `--logger_plugin` flag must be set to `tls`.
### What are my options for storing the osquery logs?
Folks typically use Fleet to ship logs to data aggregation systems like Splunk, the ELK stack, and Graylog.
The [logger configuration options](https://github.com/fleetdm/fleet/blob/master/docs/infrastructure/configuring-the-fleet-binary.md#osquery_status_log_plugin) allow you to select the log output plugin. Using the log outputs you can route the logs to your chosen aggregation system.
### Troubleshooting
Expecting results, but not seeing anything in the logs?