Juan Alvarez

04/20/2021, 8:06 AM
Hi all, when it comes to the watchdog, all its flags (watchdog_level, enable_extension_watchdog, etc...) need to be configured in the flags file? Meaning, i cannot configure them in the config tls endpoint, am i right?


04/20/2021, 12:10 PM
Maybe. It's the kind of thing that needs to start before the TLS endpoint is contacted. But there might be a bug about whether the config is correctly rejected

Juan Alvarez

04/20/2021, 1:28 PM
I see 🙂 looking at the code it seems that as CLI_FLAG it should not be configured in the TLS endpoint but if i do, it does actually modify the values in
table, so it is a bit difficult to understand what is the effective configuration. Anyway it seems that the right thing to do is to modify it in the flags file.

Stefano Bonicatti

04/20/2021, 3:21 PM
There is a bug with CLI_FLAG which are not correctly enforced right now as something that can only be given on the osquery CLI or flagfile
You would want to respect that they are CLI_FLAG though, because the original intention was to make them not modifiable when osquery is already running
osqueryd --help
separates the flag between the ones that can be used on the CLI/flagfile and the ones that can also be used inside the config file
The bug I’m talking about is:

Juan Alvarez

04/20/2021, 3:24 PM
i see, cool. Thank you both very much!