confused about the `overrides` key My osquery conf file basi

Question

confused about the `overrides` key My osquery conf file basically is in this format options lt stuff gt file paths lt list of linux file paths gt overrides platforms windows options lt same stuff as above gt file paths lt windows file paths gt exclude paths lt windows file paths gt darwin options lt same stuff as above gt file paths lt mac file paths gt When i start my daemon on a mac i only see the linux file paths being loaded My config is syntactically correct osquery isn t barfing on it

zwass · Answer

This concept of `overrides` is only a Fleet thing When you provide this as the agent options in Fleet it will provide the appropriate platform configuration to osquery when it checks in for config

Ted Dorosheff · Answer

ahhh okay so testing this locally wouldn t give the expected result

zwass · Answer

That s right You could convert everything in the `darwin` section to JSON and then provide that to osquery that would be essentially what Fleet does

Ted Dorosheff · Answer

cool okay i ve done that and it works as expected thanks