https://github.com/osquery/osquery logo
Join Slack
Powered by
<@U01BW3YRCTA> is this with a package generated wi...
# fleet
z
@Dan Achin is this with a package generated with 
fleetctl package
? https://osquery.slack.com/archives/C08V7KTJB/p1646159484058179
d
No, I think just downloaded direct from osquery. we just set up our flags file to connect to fleet
z
Can you just have your install script create the directory?
d
I can ask them. I don't do windows. 🙂.
@Skip Pile - does that directory exist ?
z
Are you intentionally using the 
filesystem
logger?
d
the only plugin we specify in flags is tls
z
Sounds like something is giving osquery instructions to log via filesystem.
d
right...and actually we don't have a plugin specified at all, or it shouldn't. let me try and get the windows team to give me their flags file. Could a registry entry also turn on fs logging?
z
filesystem is the default, so that likely explains it
d
k. well we set tls information in flags....let me check fleet as well to see what we set there. it's been a while since I've looked at this
ok, ya it's all coming back to me. we set this at fleet - logger_plugin: tls
then we have tls endpoints, etc at the client. I thought Fleet overrode the client
z
It does if config plugin is set to tls in flags.
d
yes, config plugin is tls
--config_plugin=tls
i need to step away for a bit. I've asked our internal windows team what registry entries they have set
their flags looks good to me
z
I'm not aware of osquery picking up any config from the registry.
d
hmmm...very strange then
j
maybe osquery is not pointing to the right flags file? Seems like it is not taking the proper file for config.
👍 1
d
@Juan Alvarez - yes, this is exactly what it seems like. We aren't even getting tls connections to Fleet, but the flags file is specified correctly. Asking the team to look at file permissions
2 Views
Open in Slack
PreviousNext
Powered by