Hi all, It is not clear to me how should I write the configuration file (option.yml) used by

fleetctl apply -f

. For example if I wanna change

osquery_status_log_plugin

I can see in the docs the config file format:

osquery:
  status_log_plugin: firehouse

How should I write config file for fleetctl? I’ve tried something like:

---
apiVersion: v1
kind: options
spec:
  osquery:
    status_log_plugin: stdout

but nothing changed

I believe this doc will help you. Essentially, you may have to follow the

yaml

format for

kind: config

. Let us know how that works out.

@Martavis Parker This is my option.yaml:

---
apiVersion: v1
kind: config
spec:
  osquery:
    result_log_plugin: stdout

the command (after the fleetctl configuration and login) is this one:

fleetctl apply -f ./option.yaml

it says:

[+] applied fleet config

But fleet doesn’t logs on the stdout, it uses the previous configuration. Another usecase: I’ve also tried to start fleet with stdout plugin but when I try to change it into filesystem or firehose plugin through fleetctl command fleet still write the logs with the previous plugin (= stdout in this usecase) Note: I’m using fleet 3.11

Hi Bacarus, to configure

result_log_plugin

you need to set it in the config for fleet server, not through fleetctl. Here's a few examples: https://github.com/fleetdm/fleet/blob/main/docs/2-Deploying/2-Configuration.md#using-a-config-file, you would add a

osquery:

section and inside it you would set

result_log_plugin