I got some osquery on macOS and there is a file /private/var/log/osquery/osquery-output.log. This file takes almost 16 Gb of disk space. What is it? Can I delete it safely?
By itself, osquery does very little. It can be configured to run a variety of queries to examine system state. Depending on configuration, these results might be stored locally or sent to a log aggregator. The configuration can either be from a local file, or from a remote server.
It sounds like you have an osquery install that is configured to log to local disk, but nothing is collecting those results.
osquery itself does not do anything with that file. So you can certainly truncate it. (Just deleting it will likely leave an unlinked file). But that file implies a misconfigured setup.
Should it be logging to local disk? What consumes those logs? Etc.
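The difference between deleting and truncating a log that a running process still holds open, as an added example that is not part of the original answer. It uses a temporary file as a stand-in for osquery-output.log and file descriptor 3 as a stand-in for the daemon's open handle; that the writer opens the log in append mode is an assumption.

```shell
#!/bin/sh
# Constructed demo: a temp file stands in for osquery-output.log, and fd 3
# stands in for the handle a running daemon keeps open (assumed append mode).

size_of() { wc -c < "$1" | tr -d ' '; }

# Delete while the writer holds the file: the path disappears, but the writer
# keeps its inode and its writes still succeed. The blocks stay allocated
# until the writer closes the descriptor or exits.
demo_delete() {
    dir=$(mktemp -d) && log="$dir/osquery-output.log"
    exec 3>>"$log"                      # writer opens the log for append
    printf 'old result line\n' >&3
    rm "$log"                           # admin deletes the file
    printf 'new result line\n' >&3      # goes to the unlinked inode
    status=$?
    if [ -e "$log" ]; then visible=yes; else visible=no; fi
    exec 3>&-                           # only now is the space released
    rm -rf "$dir"
    echo "write_status=$status path_visible=$visible"
}

# Truncate in place: same inode, size drops to zero at once, and the
# writer's next append lands at the start of the still-visible file.
demo_truncate() {
    dir=$(mktemp -d) && log="$dir/osquery-output.log"
    exec 3>>"$log"
    printf 'old result line\n' >&3
    : > "$log"                          # admin truncates the file
    after_truncate=$(size_of "$log")
    printf 'new result line\n' >&3
    after_write=$(size_of "$log")
    exec 3>&-
    rm -rf "$dir"
    echo "after_truncate=$after_truncate after_write=$after_write"
}

demo_delete
demo_truncate
```

On a real host, `lsof +L1` lists open files whose link count is zero, which is how an already-deleted log that is still consuming disk space shows up.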