Osquery takes too much space

I got some osquery on mac os and there is a file /private/var/log/osquery/osquery-output.log. This file takes almost 16 Gb of disk space. What is it? Can i delete it safely?

Solution

By itself, osquery does very little. It can be configured to run a variety of queries to examine system state. Depending on configuration, these results might be stored locally or sent to a log aggregator. The configuration can either be from a local file, or from a remote server.

It sounds like you have an osquery install that is configured to log to local disk, but nothing is collecting those results.

osquery itself does not do anything with that file. So you can certainly truncate it. (Just deleting it will likely leave an unlinked file). But that file implies a misconfigured setup.

Should it be logging to local disk? What consumes those logs? Etc.

Issue with observing SwiftData model and UndoManager
dyld[22230]: Library not loaded: @rpath/SDL2.framework/Versions/A/SDL2 Reason: no LC_RPATH's found
How to make the hardware beep sound in Mac OS X 10.6
Error running pyttsx3 code on OS X: "NameError: name 'objc' is not defined"
Is there any way to run a Flutter app through background on macOS or Windows desktop?
psql: error: connection to server on socket "/tmp/.s.PGSQL.5432" failed: No such file or directory
How can one run a Core ML model on macOS 10.12?
Cannot run a program by clicking on it while I can from Terminal
How to apply "acceptsFirstMouse" for app build with SwiftUI?
QWidget on Mac OS X not focusing in Qt 5
How to create whole screen overlay in MacOS with Swift?
How to remove autostart of apache on macosx
"SSL certificate verify failed" using pip to install packages
Pyttsx3 doesn't work on Python 3.11 script, Mac M1
Code Helper process by VS Code eating my cpu
OS updates related information for Mac OS X
vscode edit symlinks path
How to send data to local clipboard from a remote SSH session
rmarkdown: pandoc: pdflatex not found
openssl/ssl.h not found but installed with homebrew
Homebrew refusing to link OpenSSL
Why ico image does not display on the window using Tkinter?
socket.error: [Errno 48] Address already in use
error AH00558: httpd: Could not reliably determine the server's fully qualified domain name
Programmatically created NSWindow crashes upon close
BUG! exception in phase 'semantic analysis' in source unit '_BuildScript_' Unsupported class file major version 61 on Apple Arm
MacOS - detect when camera is turned on/off
Tk label not displaying on MacOS 13.0.1
How to push a file from computer to /data/.../databases/ using adb command?
SMAppService register() - How to detect launch at startup/login vs regular launch?