Fleet osquery
6/4/2023

In my previous series, I discussed how to run Osquery and schedule queries to interrogate systems for useful information. Those articles demonstrated the power of using Osquery by itself.

However, the real value of Osquery comes from having a central control plane to manage Osquery agents and aggregate query results. You can centralize configurations using your preferred configuration management utility, such as Ansible. You can also aggregate logs using your favorite aggregation tool because Osquery logs to a file and is unopinionated about the upstream logging infrastructure.

In this article, I discuss an integrated approach using FleetDM. FleetDM is an open source tool that centralizes configuration and query management for a fleet of Osquery agents. Using the FleetDM user interface (UI) or command-line interface (CLI), you can easily submit and schedule queries across all of your Osquery agents, filtering them as needed. You can also send Osquery logs to a central location, allowing FleetDM to merge the logs and then forward them to your central logging infrastructure.

A production FleetDM server installation has several infrastructure components. The primary database is MySQL, Redis provides a queue, and public key infrastructure (PKI) provides certificates for the FleetDM installation.

For these articles, I'm using a simple Docker Compose file. This file is not suitable for production, as none of the components are highly available. However, it provides the basic infrastructure needed to explore FleetDM and understand its capabilities.