I mean specifically for an agent that was deployed with a config file. I want to change a value in one of the keys.

Ok so I think that what I'm looking for is the option in the config file for the agents called 'command_line_flags'. However, it appears that you cannot specify an override for different platforms (windows, mac linux etc). So if I want to specify which windows events channels I want (by setting --windows_event_channel); I coudn't specify that its just a flag for windows. Am I right? Any workarounds? Thanks

Also, if I do specify the command_line_flags option in the agents configuration. Does it delete all of the configs that I had specified in the original flag file? or does it add/overwrite?

Checking back with the team regarding overrides for specific platforms. I'll get back to you on that

I would take a look at using overrides in your configuration to accomplish this: https://fleetdm.com/docs/configuration/agent-configuration#overrides

Just keep in mind that using overrides won't inherit from the base configuration. So you'd have to set all your flags for each platform you target with an override

According to the docs, command_line flags do not support overrides

Since the rest of this moved to a DM, just wanted to quickly summarize our solution for anybody who might come across this in the future. 1. The errors for the keys set in the override could only be used as command line flags 2. Overrides do not support keys that can only be used as command line flags 3. Any command line flags that are OS specific (like

--windows_event_channel

) will be ignored on platforms that don't support them We can use

sudo orbit shell -- --help

to see a list of configuration options broken down by type (CLI only, CLI and config, shell only).