New guy question incoming, I can successfully load my flagfile with osqueryd --flagfile <location> but I can’t figure out how to get it loaded by the daemon automatically. I have the flag file at both /etc/osquery/osquery.flags and /etc/osquery/osquery.flags.default I’m on MacOS 15.6 if that makes a difference.

What do you mean by automatically? When osqueryd is executed by launchd?

Yeah, moved the osquery.flags file to /var/osquery/ and it’s working as expected now. Sorry for the poor description.

Great! You can have the flagfile anywhere you like if you pass the

--flagfile

argument within your launchd config.