macOS osquery Client Configuration


The following topic lists the osquery’s client configuration files for macOS.

{
   "config_path": "${CONFIGDIR}/osquery.conf",
    "flagfile": "",
    "extensions_autoload": "",
    "force": "true",
    "events_expiry": "3600",
    "events_max": "50000",
    "disable_tables": "augeas,carves,curl,curl_certificate,mdfind,ntfs_journal_events,powershell_events,wifi_survey,windows_events,ycloud_instance_metadata",
    "disable_watchdog": "true",
    "disable_events": "true",
    "augeas_lenses": "",
    "pidfile": "${WORKDIR}/osqueryd.pid",
    "logger_path": "${WORKDIR}/osqueryd_log",
    "database_path": "${WORKDIR}/osqueryd_db",
    "extensions_socket": "${WORKDIR}/orbital-osquery.em"
}

Return to Orbital Yara Rules and System Configuration

Return to Table of Contents