From 77c315648e00ef85335d45854845be7d59280d98 Mon Sep 17 00:00:00 2001 From: Rebecca Mahany-Horton Date: Fri, 31 Jan 2025 17:07:55 -0500 Subject: [PATCH] Ship "Executing scheduled query pack" logs (#2081) --- ee/log/osquerylogs/log.go | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/ee/log/osquerylogs/log.go b/ee/log/osquerylogs/log.go index 1faec97eb..a09e3982d 100644 --- a/ee/log/osquerylogs/log.go +++ b/ee/log/osquerylogs/log.go @@ -59,13 +59,6 @@ func NewOsqueryLogAdapter(slogger *slog.Logger, rootDirectory string, opts ...Op } func (l *OsqueryLogAdapter) Write(p []byte) (int, error) { - // Work around osquery being overly verbose with it's logs - // see: https://github.com/osquery/osquery/pull/6271 - level := l.level - if bytes.Contains(p, []byte("Executing scheduled query pack")) { - level = slog.LevelDebug - } - if bytes.Contains(p, []byte("Accelerating distributed query checkins")) { // Skip writing this. But we still return len(p) so the caller thinks it was written return len(p), nil @@ -105,7 +98,7 @@ func (l *OsqueryLogAdapter) Write(p []byte) (int, error) { msg := strings.TrimSpace(string(p)) caller := extractOsqueryCaller(msg) - l.slogger.Log(context.TODO(), level, // nolint:sloglint // it's fine to not have a constant or literal here + l.slogger.Log(context.TODO(), l.level, // nolint:sloglint // it's fine to not have a constant or literal here msg, "caller", caller, )