Set log path to root-dir when calling osquery (fleetdm#4237)

* Set log path to root-dir when calling osquery * Update based on review and set filesystem,tls as logging plugin
mz0in · Feb 17, 2022 · fee7fae · fee7fae
1 parent 17bbd47
commit fee7fae
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 1 deletion.
diff --git a/orbit/README.md b/orbit/README.md
@@ -180,6 +180,12 @@ Press Enter to continue, or Control-c to exit.
 [...]
 ```
 
+If you want to run orbit from source directly, you can do the following:
+
+```sh 
+go run github.com/fleetdm/fleet/v4/orbit/cmd/orbit --root-dir /tmp/orbit -- --flagfile=flagfile.txt --verbose
+```
+
 ### Troubleshooting
 
 #### Logs

diff --git a/orbit/changes/issue-4146-orbit-osquery-logpath b/orbit/changes/issue-4146-orbit-osquery-logpath
@@ -0,0 +1 @@
+* Set log path for osquery when launching it
diff --git a/orbit/cmd/orbit/orbit.go b/orbit/cmd/orbit/orbit.go
@@ -9,6 +9,7 @@ import (
 	"io/ioutil"
 	"net/url"
 	"os"
+	"path"
 	"path/filepath"
 	"runtime"
 	"strings"
@@ -228,6 +229,7 @@ func main() {
 
 		var options []func(*osquery.Runner) error
 		options = append(options, osquery.WithDataPath(c.String("root-dir")))
+		options = append(options, osquery.WithLogPath(path.Join(c.String("root-dir"), "osquery_log")))
 
 		if logFile != nil {
 			// If set, redirect osqueryd's stderr to the logFile.

diff --git a/orbit/pkg/osquery/flags.go b/orbit/pkg/osquery/flags.go
@@ -24,7 +24,7 @@ func FleetFlags(fleetURL *url.URL) []string {
 		"--distributed_tls_max_attempts=10",
 		"--distributed_tls_read_endpoint=" + path.Join(prefix, "/api/v1/osquery/distributed/read"),
 		"--distributed_tls_write_endpoint=" + path.Join(prefix, "/api/v1/osquery/distributed/write"),
-		"--logger_plugin=tls",
+		"--logger_plugin=tls,filesystem",
 		"--logger_tls_endpoint=" + path.Join(prefix, "/api/v1/osquery/log"),
 		"--disable_carver=false",
 		// carver_disable_function is separate from disable_carver as it controls the use of file