Osquery logs

Logs view

Shows you any returned results from your deployed assets. This view is useful for debugging running queries.

  • Severity: Log severity level. There are three severity levels: INFO, WARNING, ERROR and FATAL.

    • INFO: Info messages are not logged.

    • WARNING: Warning messages returned from the asset. Usually due to a misconfiguration or syntax error within the query.

    • ERROR: Error messages are for severe errors.

    • FATAL: Will result in the shutdown of the Osquery agent. This is a critical failure.

  • Asset: The name of the asset the log message originated from.

  • Query: The query that generated the error. If no query is defined in the field, the query was a system query.

  • Message: A description of the logged event.

  • Timestamp: The date and time that the event occurred.