Osquery logs

Logs view

Shows you any returned results from your deployed Assets. This view is useful for helping to debug running queries.

  • Severity Log severity level. There are three severity levels: INFO, WARNING, ERROR and FATAL.
    • INFO Info messages are not logged.
    • WARNING Warning messages returned from the asset. Usually due to a misconfiguration or syntax error within the query.
    • ERROR Error messages are for severe errors.
    • FATAL Will result in the shutdown of the Osquery agent. This is a critical failure.
  • Asset The name of the asset the log message originated from.
  • Query The query that generated the error. If there is no query defined in the field then the query was a system query.
  • Message A description of the logged event.
  • Timestamp The date and time that the event occurred.