Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
w
wennan.he
10/12/2022, 8:21 PMHi Fleet team, table app_config_json in fleet db is actually the cfg of enrolled running osquery, right? each host will read this from fleet frequently.
And one more question, is there any way we can check the osquery cfg because we set
# Configuration
--config_plugin=tls
--config_tls_endpoint=/api/osquery/config
--config_refresh=10
as flag file of osquery.
k
Kathy Satterlee
10/12/2022, 9:50 PMThat is the Fleet server configuration. The agent options are stored in
osquery_ optionstlsIt looks like you're missing the
v1--config_plugin=tls \
--config_tls_endpoint=/api/v1/osquery/config \
--config_refresh=10 \w
wennan.he
10/12/2022, 9:52 PMis v1 required?
and is v1 required for all the apis like enroll_tls_endpoint, config_tls_endpoint, distributed_tls_read_endpoint and distributed_tls_write_endpoint, logger_tls_endpoint, carver_start_endpoint and carver_continue_endpoint?
@Kathy Satterlee
k
Kathy Satterlee
10/12/2022, 9:55 PMIt is.
w
wennan.he
10/12/2022, 10:06 PMand if we want to us this api to fetch dynamic cfg of osquery, so we can modify the data in fleet db directly, right?
@Kathy Satterlee
k
Kathy Satterlee
10/12/2022, 10:07 PMI would not recommend modifying the Fleet database directly, no.
You can set your agent options using the Fleet UI, the API or the CLI
That’s my preferred method :)
w
wennan.he
10/12/2022, 10:10 PMdo we have instruction showing how to change it through api or cli?
k
Kathy Satterlee
10/12/2022, 10:14 PMHere’s a good example of an agent options Yaml:
https://fleetdm.com/docs/using-fleet/configuration-files#agent-options
You’d then apply that with `fleetctl`:
https://fleetdm.com/docs/using-fleet/fleetctl-cli#fleetctl-apply
And here’s info on the configuration API endpoint:
https://fleetdm.com/docs/using-fleet/rest-api#fleet-configuration
w
wennan.he
10/12/2022, 10:38 PM:ty: