forked from Lainports/freebsd-ports
6efaeef862
osquery exposes an operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes. WWW: https://osquery.io/ Sponsored by: Beer from wxs@
28 lines
1.3 KiB
Text
28 lines
1.3 KiB
Text
--- tools/deployment/osquery.example.conf.orig 2015-05-09 02:10:08 UTC
|
|
+++ tools/deployment/osquery.example.conf
|
|
@@ -10,7 +10,7 @@
|
|
// The log directory stores info, warning, and errors.
|
|
// If the daemon uses the 'filesystem' logging retriever then the log_dir
|
|
// will also contain the query results.
|
|
- //"logger_path": "/var/log/osquery",
|
|
+ "logger_path": "/var/log/osquery",
|
|
|
|
// Set 'disable_logging' to true to prevent writing any info, warning, error
|
|
// logs. If a logging plugin is selected it will still write query results.
|
|
@@ -27,14 +27,14 @@
|
|
//"schedule_splay_percent": "10",
|
|
|
|
// Write the pid of the osqueryd process to a pidfile/mutex.
|
|
- //"pidfile": "/var/osquery/osquery.pidfile",
|
|
+ "pidfile": "/var/run/osqueryd.pid",
|
|
|
|
// Clear events from the osquery backing store after a number of seconds.
|
|
"event_pubsub_expiry": "86000",
|
|
|
|
// A filesystem path for disk-based backing storage used for events and
|
|
// and query results differentials. See also 'use_in_memory_database'.
|
|
- //"database_path": "/var/osquery/osquery.db",
|
|
+ "database_path": "/var/db/osquery/osquery.db",
|
|
|
|
// Comma-delimited list of table names to be disabled.
|
|
// This allows osquery to be launched without certain tables.
|