osquery has an little known (possibly undocumented) feature where receiving a distribute query can make the host check in much more frequently.
This means you can have your hosts check in ever minute or five until it receives a distributed query at which point it will check in every two seconds.
Up until now our hosts had their distribute interval set at five which is far too low to be used in most infrastructures. Now I've raised it to 30 seconds which is more usual but allowed goserver to accelerate hosts when they receive queries.
The hosts check in every two seconds for five minutes (resetting whenever they get a new query) then go back to their normal interval.
osquery has an little known (possibly undocumented) feature where receiving a distribute query can make the host check in much more frequently.
This means you can have your hosts check in ever minute or five until it receives a distributed query at which point it will check in every two seconds.
Up until now our hosts had their distribute interval set at five which is far too low to be used in most infrastructures. Now I've raised it to 30 seconds which is more usual but allowed goserver to accelerate hosts when they receive queries.
The hosts check in every two seconds for five minutes (resetting whenever they get a new query) then go back to their normal interval.
Closes #73