I got some osquery on macOS and there is a file /private/var/log/osquery/osquery-output.log. This file takes almost 16 Gb of disk space. What is it? Can I delete it safely?
By itself, osquery does very little. It can be configured to run a variety of queries to examine system state. Depending on configuration, these results might be stored locally or sent to a log aggregator. The configuration can either be from a local file, or from a remote server.
It sounds like you have an osquery install that is configured to log to local disk, but nothing is collecting those results.
osquery itself does not do anything with that file. So you can certainly truncate it. (Just deleting it will likely leave an unlinked file). But that file implies a misconfigured setup.
Should it be logging to local disk? What consumes those logs? Etc.

seph
- osquery recently implemented native log rotation. See the `--logger_rotate` flag – seph Jun 12 '21 at 00:53
- osquery does not currently have native M1 support, and as such, does not ship universal binaries. It looks like the binary size jumped from 14megs to 20megs at version 4.7.0. I'm not sure why, but I do notice there was an Xcode bump then. Regardless, we're talking about megs. The original poster is talking gigs. – seph Jul 29 '21 at 18:24
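The answer's point that truncating beats deleting (a deleted file that osqueryd still has open keeps its blocks until the daemon closes it) can be checked rather than taken on faith. The following is an added example, not code from the thread or from the osquery project; it truncates a log in place, verifies the inode is unchanged, and demonstrates on a constructed temp file rather than the real osquery-output.log path.

```sh
#!/bin/sh
# Added example: shrink an oversized log without unlinking it.
# Unlinking a file a running daemon still holds open does not free the
# space: the inode survives until the last descriptor closes. Truncation
# keeps the inode, so the writer continues into an empty file and the
# blocks are released immediately. The real target from the question is
# /private/var/log/osquery/osquery-output.log; pass it explicitly, this
# script never touches it on its own.

# Inode of a file, portable across macOS/BSD and GNU userland.
inode_of() {
    ls -i "$1" | awk '{print $1}'
}

# Size in bytes (wc output may carry leading blanks on macOS).
size_of() {
    wc -c < "$1" | tr -d ' '
}

# Number of processes holding the file open, or "unknown" without lsof.
open_handles() {
    if command -v lsof >/dev/null 2>&1; then
        lsof -t "$1" 2>/dev/null | wc -l | tr -d ' '
    else
        echo "unknown"
    fi
}

# Truncate in place. Succeeds only if the inode survived and size is 0.
truncate_in_place() {
    f="$1"
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 1; }
    before=$(inode_of "$f")
    : > "$f"                     # redirection truncates without unlinking
    after=$(inode_of "$f")
    [ "$before" = "$after" ] && [ "$(size_of "$f")" = "0" ]
}

# Demo on a constructed file so this runs without an osquery install.
demo() {
    tmp=$(mktemp) || return 1
    head -c 4096 /dev/zero > "$tmp"      # stand-in for the 16 GB log
    echo "handles open: $(open_handles "$tmp"), before: $(size_of "$tmp")"
    truncate_in_place "$tmp"; rc=$?
    echo "after: $(size_of "$tmp") bytes, same inode: $rc"
    rm -f "$tmp"
    return $rc
}
```

Run `demo` to see the inode check pass, or call `truncate_in_place /path/to/log` on the real file once you have confirmed nothing downstream consumes it.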