confused about the

overrides

key. My osquery.conf file basically is in this format: options <stuff> file_paths <list of linux file paths> overrides platforms windows options <same stuff as above> file_paths <windows file paths> exclude_paths <windows file paths> darwin options <same stuff as above> file_paths <mac file paths> When i start my daemon on a mac, i only see the linux file paths being loaded. My config is syntactically correct, osquery isn't barfing on it.

This concept of

overrides

is only a Fleet thing. When you provide this as the agent options in Fleet, it will provide the appropriate platform configuration to osquery when it checks in for config.

ahhh, okay so testing this locally wouldn't give the expected result?

That's right. You could convert everything in the

darwin

section to JSON and then provide that to osquery -- that would be essentially what Fleet does.

cool, okay i've done that and it works as expected. thanks!