Hi osquery team, if /etc/osquery/osquery.conf is n...
# generalw
wennan.he
10/12/2022, 9:17 PMHi osquery team, if /etc/osquery/osquery.conf is not offered, will osuqery read conf from config_tls_endpoint?
s
seph
10/12/2022, 9:25 PM
Depends on the flags. You’d need to configure that
w
wennan.he
10/12/2022, 9:31 PMlike this?
# Configuration
--config_plugin=tls
--config_tls_endpoint=/api/osquery/config
--config_refresh=10
wennan.he
10/12/2022, 9:32 PMis there any way to check the response of this api?
wennan.he
10/12/2022, 9:33 PM@seph
s
seph
10/12/2022, 9:35 PM
Might be right. The docs have some examples of this
seph
10/12/2022, 9:36 PM
As for responses… you can examine osquery settings for things that should have been set by the config.
You can look at verbose logs. Pretty sure something is logged.
w
wennan.he
10/12/2022, 9:37 PMfor my case, i don't offer the config file. that is why i would like to check the response from this api.
wennan.he
10/12/2022, 9:38 PMand could u tell me where is the verbose log file?
s
seph
10/12/2022, 9:38 PM
Osquery logs to stdout and stderr. Everything else depends on how you have it configured.
w
wennan.he
10/12/2022, 9:42 PM# Logging
--logger_plugin=tls
--logger_tls_endpoint=/api/osquery/log
--logger_tls_period=60
wennan.he
10/12/2022, 9:42 PMthis is our logging cfg
wennan.he
10/12/2022, 9:42 PMand it means it returns the all the stdout and stderr to fleet?
3 Views