How do I set up osQuery to keep the process running if I wan

Question

How do I set up osQuery to keep the process running if I want it to I followed the instructions but the following error occurred My osquery flags sudo osqueryd enroll secret path= var osquery enroll secret tls server certs= var osquery server pem tls hostname=10 224 100 2 8080 host identifier=uuid enroll tls endpoint= api v1 osquery enroll config plugin=tls config tls endpoint= api v1 osquery config config refresh=10 disable distributed=false distributed plugin=tls distributed interval=3 distributed tls max attempts=3 distributed tls read endpoint= api v1 osquery distributed read distributed tls write endpoint= api v1 osquery distributed write logger plugin=tls logger tls endpoint= api v1 osquery log logger tls period=10

Joshua B · Answer

your osquery flags file should be only the flags no ` ` and no sudo osqueryd

Joshua B · Answer

enroll secret path= var osquery enroll secret tls server certs= var osquery server pem tls hostname=10 224 100 2 8080 host identifier=uuid enroll tls endpoint= api v1 osquery enroll config plugin=tls config tls endpoint= api v1 osquery config config refresh=10 disable distributed=false distributed plugin=tls distributed interval=3 distributed tls max attempts=3 distributed tls read endpoint= api v1 osquery distributed read distributed tls write endpoint= api v1 osquery distributed write logger plugin=tls logger tls endpoint= api v1 osquery log logger tls period=10

Joshua B · Answer

each flag on it s own line

Joshua B · Answer

<https osquery readthedocs io en stable installation cli flags flagfile> Then you can use flagfile to refer to those flags