# osquery: Send log messages to osquery's syslog table

The `osquery()` driver sends log messages to osquery’s syslog table.

The syslog table contains logs forwarded over a named pipe from `syslog-ng`. When an osquery process that supports the syslog table starts up, it creates (and properly sets permissions for) a named pipe for AxoSyslog to write to.

## Example: Using the osquery() destination driver

Run osqueryi:
```
 
       osqueryi --enable_syslog
                 --disable-events=false
    
```

To store the database on disk:
```
 
       osqueryi --enable_syslog
                 --disable-events=false
                 --database_path=/tmp/osquery.db
    
```

To set up a custom named pipe:
```
 
       osqueryi --enable_syslog
                 --disable-events=false
                 --database_path=/tmp/osquery.db
                 --syslog_pipe_path=/tmp/osq.pipe
    
```

Example configuration:
```
 
       @version: 3.12
        @include "scl.conf"
        
        source s_net {
          network(port(5514));
        };
        
        destination d_osquery {
          # custom pipe path:
          #osquery(pipe("/tmp/osq.pipe"));
        
          # backup outgoing logs:
          #osquery(file("/var/log/osquery_inserts.log" template(t_osquery)));
        
          # defaults
          osquery();
        };
        
        log {
         source(s_net);
         destination(d_osquery);
         flags(flow-control);
        };
    
```

* * *

[osquery() destination options](../../docs/axosyslog-core/chapter-destinations/configuring-destinations-osquery/options-osquery/index.md)

Last modified October 29, 2023: [Create manpages (#34) (9534f54e)](<https://github.com/axoflow/axosyslog-core-docs/commit/9534f54ee9e0cc76cb336c0c01f2e1973760d0e0>)