Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Hi all, when it comes to the watchdog, all its flags (watchdog_level, enable_extension_watchdog, etc...)  need to be configured in the flags file? Meaning, i cannot configure them in the config tls endpoint, am i right?

Maybe. It's the kind of thing that needs to start before the TLS endpoint is contacted. But there might be a bug about whether the config is correctly rejected 

I see :slightly_smiling_face: looking at the code it seems that as CLI_FLAG it should not be configured in the TLS endpoint but if i do, it does actually modify the values in `osquery_flags` table, so it is a bit difficult to understand what is the effective configuration. Anyway it seems that the right thing to do is to modify it in the flags file.

There is a bug with CLI_FLAG which are not correctly enforced right now as something that can only be given on the osquery CLI or flagfile

You would want to respect that they are CLI_FLAG though, because the original intention was to make them not modifiable when osquery is already running

also, `osqueryd --help` separates the flag between the ones that can be used on the CLI/flagfile and the ones that can also be used inside the config file

The bug I’m talking about is: <https://github.com/osquery/osquery/issues/6533>