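Linux osquery Client Configuration

The JSON object below lists the osquery flags set for the Linux client; every value, including booleans and numbers, is written as a string. `${CONFIGDIR}` and `${WORKDIR}` are placeholders whose values are not shown on this page. Note that `disable_watchdog` is `"true"`, so osquery's own watchdog process does not monitor the daemon's CPU and memory use, and the tables named in `disable_tables` cannot be queried on this client.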

{

"config_path": "${CONFIGDIR}/osquery.conf",

"flagfile": "",

"extensions_autoload": "",

"force": "true",

"events_expiry": "3600",

"events_max": "50000",

"disable_tables": "augeas,carves,curl,curl_certificate,mdfind,ntfs_journal_events,powershell_events,wifi_survey,windows_events,ycloud_instance_metadata",

"disable_watchdog": "true",

"disable_events": "false",

"augeas_lenses": "",

"pidfile": "${WORKDIR}/osqueryd.pid",

"logger_path": "${WORKDIR}/osqueryd_log",

"database_path": "${WORKDIR}/osqueryd_db",

"extensions_socket": "${WORKDIR}/orbital-osquery.em"

}
