https://github.com/osquery/osquery logo
Join Slack
Powered by
if I want to have decorators on queries from fleet...
# kolide
z
if I want to have decorators on queries from fleet, I define them in a config.yaml, does that mean that 
fleet serve
needs to reference the file somehow?
s
you apply them with 
fleetctl
z
there is a 
yaml
option, I want to avoid using 
fleetctl
s
Out of curiosity, why?
In any case, you can’t specify the osquery options like decorators from Fleet’s configuration. See here for what you can configure https://github.com/kolide/fleet/blob/master/docs/infrastructure/configuring-the-fleet-binary.md#osquery
z
this (https://github.com/kolide/fleet/blob/master/examples/config-single-file.yml) leads me to believe I can load a default config
s
Those are objects you can use to interact with Fleet’s API (via 
fleetctl
)
They are converted to JSON and then sent to Fleet’s API
z
fleetctl
is command-line focused and relies on user login to interact w/ fleet (afaik). it's not entirely clear how to install 
fleetctl
either. So why couldn't I just interact with the API directly?
s
You could, nothing is preventing you. And depending on what you are integrating with, that may be a good option rather than using 
fleetctl
. But you would still need to authenticate.
And 
fleetctl
is bundled in every release https://github.com/kolide/fleet/releases/tag/3.1.0
z
ah I see. 🤔 . then the above config link I posted wouldn't work with 
fleet serve --config <config_file
?
s
No
The config file has to be set as defined in the docs I linked
z
ok so the config file for 
fleet serve
is specifically for the fleet binary, and the config file I posted is specifically for 
fleetctl
or the API (propertly converted)
s
Yep
z
I see, thanks!
s
z
👍
2 Views
Open in Slack
PreviousNext
Powered by