Hi wave I m been trying to setup osquery v4 0 2 via kolide f

Question

Hi wave I m been trying to setup osquery v4 0 2 via kolide fleet and it seems that although the configuration is updated when I query I can see they were changed and I also have a differential on `osquery flags` which is triggered osquery itself does not refresh them during runtime I have to manually restart the daemon The flag in question is the `logger plugin` one I m not sure if this is intended or if I m missing something here I tried searching around and found this thread which is somewhat related but `logger plugin` is already defined as `FLAG` and not `CLI FLAG` <https osquery slack com archives C08V7KTJB p1572289712208900 thread ts=1572289712 208900>

seph · Answer

That you d need to restart osquery to see flag file changes seems unsurprising

seph · Answer

There s a pr open to change some of the flag handling behavior I think there s an inconsistency between behavior and docs

theopolis · Answer

< João Godinho> to clarify in your testing you see `logger plugin` is set to the new value when you look at `osquery flags` but osquery is not logging to the new plugin

João Godinho · Answer

Hi sorry timezones basically I have a default flags file with `logger plugin=tls` when the host registers with fleet I send different configurations for the logger `kafka producer` which does not takes effect until the daemon is restarted and when yeah the `osquery flags` shows the new value

João Godinho · Answer

a little more info changing `logger kafka brokers` and `topic` doesn t seem to work either but changing `verbose` for example works