I am a bit confused as in I am not usin

Question

< Stefano Bonicatti> I am a bit confused as in I am not using this log result events flag in my osquery flags file so why am I still getting this

Stefano Bonicatti · Answer

In the screenshot showing your conf file you have the ` options ` element in there I can see ` log result events true `

Stefano Bonicatti · Answer

Some flags are CLI only and should be set only via CLI when launching osquery or via flagfile but other flags configurations can be set via the conf file There s still a bug where we don t properly enforce that but the idea is that CLI only flags can be set at startup only while configuration options can be changed and applied at runtime

Stefano Bonicatti · Answer

Again the `osqueryd help` separates those two categories

sonal k · Answer

okay I understood +1 also when I run osqueryd help I get no such command message why is so

Stefano Bonicatti · Answer

Probably osqueryd is not in your `PATH` env var I guess it s osquery 5 0 1 You can also use `osqueryi help` since that should be reachable or simply provide the full path to the binary

sonal k · Answer

yes its osquery 5 0 1 and osqueryi helps work