Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Hi Fleet team, table app_config_json in fleet db is actually the cfg of enrolled running osquery, right? each host will read this from fleet frequently.

And one more question, is there any way we can check the osquery cfg because we set
# Configuration
--config_plugin=tls
--config_tls_endpoint=/api/osquery/config
--config_refresh=10
as flag file of osquery.

That is the Fleet server configuration. The agent options are stored in `osquery_ options`. If you're not using Orbit, you'll need to set up your osquery agents to use the `tls` config plugin for them to check the config set in Fleet.

It looks like you're missing the `v1` in your endpoint:

``` --config_plugin=tls \
 --config_tls_endpoint=/api/v1/osquery/config \
 --config_refresh=10 \```

and is v1 required for all the apis like enroll_tls_endpoint, config_tls_endpoint, distributed_tls_read_endpoint and distributed_tls_write_endpoint, logger_tls_endpoint, carver_start_endpoint and carver_continue_endpoint?

and if we want to us this api to fetch dynamic cfg of osquery, so we can modify the data in fleet db directly, right?
<@U02KY9FDA59>

I would not recommend modifying the Fleet database directly, no. 

You can set your agent options using the Fleet UI, the API or the CLI

do we have instruction showing how to change it through api or cli?

Here’s a good example of an agent options Yaml:

<https://fleetdm.com/docs/using-fleet/configuration-files#agent-options|https://fleetdm.com/docs/using-fleet/configuration-files#agent-options>

You’d then apply that with `fleetctl`:

<https://fleetdm.com/docs/using-fleet/fleetctl-cli#fleetctl-apply|https://fleetdm.com/docs/using-fleet/fleetctl-cli#fleetctl-apply>

And here’s info on the configuration API endpoint:

<https://fleetdm.com/docs/using-fleet/rest-api#fleet-configuration|https://fleetdm.com/docs/using-fleet/rest-api#fleet-configuration>