benbass09/23/2021, 7:50 PM
set as the permissions on the osquery.results.log on the endpoints. Using tls dump I can see that logger mode is being sent to the endpoint, it just doesn’t look like it is being implemented by osquery (5.0.1).
zwass09/23/2021, 10:11 PM
Does logger mode have to be set via the command line flags, or can we manage it with fleet?In theory it should be configurable by Fleet as it is document as an option in osquery. I've seen plenty of osquery options not respecting this in the past though. Is there possibly some issue with returning a string value vs. integer value?
benbass09/23/2021, 10:34 PM
and when I set
in fleet, fleet resets the configs to the previous version.
zwass09/24/2021, 12:20 AM
benbass09/24/2021, 1:26 PM