Title
#general
j

Juan Alvarez

04/20/2021, 8:06 AM
Hi all, when it comes to the watchdog, all its flags (watchdog_level, enable_extension_watchdog, etc...) need to be configured in the flags file? Meaning, i cannot configure them in the config tls endpoint, am i right?
s

seph

04/20/2021, 12:10 PM
Maybe. It's the kind of thing that needs to start before the TLS endpoint is contacted. But there might be a bug about whether the config is correctly rejected
j

Juan Alvarez

04/20/2021, 1:28 PM
I see 🙂 looking at the code it seems that as CLI_FLAG it should not be configured in the TLS endpoint but if i do, it does actually modify the values in
osquery_flags
table, so it is a bit difficult to understand what is the effective configuration. Anyway it seems that the right thing to do is to modify it in the flags file.
Stefano Bonicatti

Stefano Bonicatti

04/20/2021, 3:21 PM
There is a bug with CLI_FLAG which are not correctly enforced right now as something that can only be given on the osquery CLI or flagfile
3:21 PM
You would want to respect that they are CLI_FLAG though, because the original intention was to make them not modifiable when osquery is already running
3:22 PM
also,
osqueryd --help
separates the flag between the ones that can be used on the CLI/flagfile and the ones that can also be used inside the config file
3:22 PM
The bug I’m talking about is: https://github.com/osquery/osquery/issues/6533
j

Juan Alvarez

04/20/2021, 3:24 PM
i see, cool. Thank you both very much!