With the Firehose plugin, osquery result and/or status logs are written to AWS Firehose streams. Note that if multiple load-balanced Fleet servers are used, the logs will be load-balanced across those servers (not duplicated). This is typically used with a log forwarding agent on the Fleet server that will push the logs into a logging pipeline. With the filesystem plugin, osquery result and/or status logs are written to the local filesystem on the Fleet server. To set the osquery logging plugins, use the -osquery_result_log_plugin and -osquery_status_log_plugin flags (or equivalents for environment variables or configuration files). PubSub - Logs are written to Google Cloud PubSub topics.
Kinesis - Logs are written to AWS Kinesis streams.Firehose - Logs are written to AWS Firehose streams.Filesystem - Logs are written to the local Fleet server filesystem.Osquery Logging Pluginsįleet supports the following logging plugins for osquery logs: If -logger_plugin=tls is used with osquery clients, the following configuration can be applied on the Fleet server for handling the incoming logs. See the osquery logging documentation for more about configuring logging on the agent. This is not a requirement, and any other logger plugin can be used even when osquery clients are connecting to the Fleet server to retrieve configuration or run live queries. Osquery agents are typically configured to send logs to the Fleet server ( -logger_plugin=tls).
0 kommentar(er)
