wodle name="osquery"
XML section name
<wodle name="osquery">
</wodle>
Configuration options of the osquery wodle.
Warning
Osquery is not installed by default. It is open source software that you have to obtain separately in order to use this module.
Options

Option | Allowed values
---|---
disabled | yes, no
run_daemon | yes, no
bin_path | Any valid path
log_path | Any valid path
config_path | Any valid path
add_labels | yes, no
pack | Any available pack
run_daemon

When set to yes, the module runs osqueryd as a subprocess; when set to no, the module only monitors the results log and does not start osquery itself.

Default value | Allowed values
---|---
yes | yes, no
bin_path

Full path to the folder that contains the osqueryd executable.

Default value on Linux | Default value on Windows | Allowed values
---|---|---
Empty | C:\ProgramData\osquery\osqueryd | Any valid path
log_path

Full path to the results log written by osquery.

Default value on Linux | Default value on Windows | Allowed values
---|---|---
/var/log/osquery/osqueryd.results.log | C:\ProgramData\osquery\log\osqueryd.results.log | Any valid path
Example of configuration
<wodle name="osquery">
<disabled>no</disabled>
<run_daemon>yes</run_daemon>
<bin_path>/usr/bin</bin_path>
<log_path>/var/log/osquery/osqueryd.results.log</log_path>
<config_path>/etc/osquery/osquery.conf</config_path>
<add_labels>no</add_labels>
<pack name="custom_pack">/path/to/custom_pack.conf</pack>
</wodle>
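The following is an added example, not Wazuh's own code: a small Python checker that parses a `<wodle name="osquery">` block like the one above and applies the constraints listed on this page (the yes/no switches, the path options, the pack entries) and the Linux and Windows defaults for bin_path, log_path and run_daemon. The sample block embedded in it is constructed from the example configuration; the function names and the "unknown option" check are this example's own assumptions, not part of the Wazuh manager's validation.

```python
"""Check a Wazuh osquery wodle block against the options documented on this page.

Added example, not Wazuh's own code. Function names and the 'unknown option'
check are assumptions of this example.
"""
import xml.etree.ElementTree as ET

# Constructed sample, based on the example configuration above.
SAMPLE_CONFIG = """<wodle name="osquery">
<disabled>no</disabled>
<run_daemon>yes</run_daemon>
<bin_path>/usr/bin</bin_path>
<log_path>/var/log/osquery/osqueryd.results.log</log_path>
<config_path>/etc/osquery/osquery.conf</config_path>
<add_labels>no</add_labels>
<pack name="custom_pack">/path/to/custom_pack.conf</pack>
</wodle>"""

YES_NO_OPTIONS = ("disabled", "run_daemon", "add_labels")
PATH_OPTIONS = ("bin_path", "log_path", "config_path")

# Defaults as stated on this page. "Empty" bin_path on Linux means osqueryd is
# expected to be found on the search path.
DEFAULTS = {
    "linux": {
        "run_daemon": "yes",
        "bin_path": "",
        "log_path": "/var/log/osquery/osqueryd.results.log",
    },
    "windows": {
        "run_daemon": "yes",
        "bin_path": r"C:\ProgramData\osquery\osqueryd",
        "log_path": r"C:\ProgramData\osquery\log\osqueryd.results.log",
    },
}


def parse_wodle(xml_text):
    """Return (settings dict, list of (pack_name, pack_path)) for one osquery wodle block."""
    root = ET.fromstring(xml_text)
    if root.tag != "wodle" or root.get("name") != "osquery":
        raise ValueError("not an osquery wodle block")
    settings, packs = {}, []
    for child in root:
        text = (child.text or "").strip()
        if child.tag == "pack":
            # A pack element carries its name as an attribute and the pack file as its text.
            packs.append((child.get("name", ""), text))
        else:
            settings[child.tag] = text
    return settings, packs


def validate(settings, packs):
    """Return a list of problems; an empty list means every value is within the documented range."""
    problems = []
    for opt in YES_NO_OPTIONS:
        value = settings.get(opt)
        if value is not None and value not in ("yes", "no"):
            problems.append(f"{opt}: expected yes or no, got {value!r}")
    for opt in PATH_OPTIONS:
        if settings.get(opt) == "":
            # An explicitly configured path option must not be empty.
            problems.append(f"{opt}: empty path")
    for name, path in packs:
        if not name:
            problems.append("pack: missing name attribute")
        if not path:
            problems.append(f"pack {name!r}: empty path")
    for key in settings:
        if key not in YES_NO_OPTIONS + PATH_OPTIONS:
            problems.append(f"{key}: unknown option")  # assumption of this example
    return problems


def effective_settings(settings, platform="linux"):
    """Overlay the configured values on the platform defaults stated on this page."""
    merged = dict(DEFAULTS[platform])
    merged.update(settings)
    return merged


if __name__ == "__main__":
    parsed, pack_list = parse_wodle(SAMPLE_CONFIG)
    for problem in validate(parsed, pack_list) or ["configuration within documented ranges"]:
        print(problem)
    print(effective_settings(parsed))
```

Run it against your own block by replacing SAMPLE_CONFIG with the `<wodle>` element cut from ossec.conf; the checker only covers the value ranges on this page and does not confirm that the paths exist or that osqueryd is actually present.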