valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 02:18:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
dca2f9d7bb
osquery-1/tools/deployment/osquery.example.conf
Mike Arpaia bb6550f1da type in example config
2015-02-09 10:12:43 -08:00

68 lines
2.5 KiB
Plaintext
Raw Blame History

{
/* Configure the daemon below */
"options": {
// Select the osquery config plugin.
"config_plugin": "filesystem",
// Select the osquery logging plugin.
"logger_plugin": "filesystem",
// The log directory stores info, warning, and errors.
// If the daemon uses the 'filesystem' logging retriever then the log_dir
// will also contain the query results.
//"osquery_log_dir": "/var/log/osquery",
// Set 'disable_logging' to true to prevent writing any info, warning, error
// logs. If a logging plugin is selected it will still write query results.
//"disable_logging": "false",
// Query differential results are logged as change-events to assist log
// aggregation operations like searching and transactons.
// Set 'log_results_events' to log differentials as transactions.
//"log_result_events": "true",
// Splay the scheduled interval for queries.
// This is very helpful to prevent system performance impact when scheduling
// large numbers of queries that run a smaller or similar intervals.
//"schedule_splay_percent": "10",
// Use the system hostname as an identifier for results.
// If hostnames change with DHCP a more static option is 'uuid'.
//"host_identifier": "hostname",
// Write the pid of the osqueryd process to a pidfile/mutex.
//"pidfile": "/var/osquery/osquery.pidfile",
// Clear events from the osquery backing store after a number of seconds.
"event_pubsub_expiry": "86000",
// A filesystem path for disk-based backing storage used for events and
// and query results differentials. See also 'use_in_memory_database'.
//"db_path": "/var/osquery/osquery.db",
// If using a third-party backing store you may want to run completely in
// memory. Currently rocksdb must use disk-based storage.
//"use_in_memory_database": "false",
// Enable debug or verbose debug output when logging.
"debug": "false",
"verbose_debug": "false",
// The number of threads for concurrent query schedule execution.
"worker_threads": "4"
},
/* Define a schedule of queries */
"scheduledQueries": [
// This is a simple example query that outputs information about osquery.
{
// More complicated queries benefit from a name such as 'my_processes'.
"name": "info",
// The exact query to run, include a semi-colon.
"query": "SELECT * FROM osquery_info;",
// The interval in seconds to run this query, not an exact interval.
"interval": 3600
}
]
}
Reference in New Issue View Git Blame Copy Permalink