https://github.com/osquery/osquery logo
Powered by
#kolide
Title
# kolide
d

defensivedepth

08/15/2020, 7:46 PM
@zwass Fleet 2.6, osquery 4.4.0 - 
fleetctl get options
--> https://gist.github.com/defensivedepth/4bdcdaa29dca243267548539bb9b235b I am seeing:
Copy code
{"s":1,"f":"options.cpp","i":91,"m":"Cannot set unknown or invalid flag: enable_windows_events_publisher","h":"24D8FD7C-8AE0-411A-94DE-552134C73926","c":"Sat Aug 15 17:47:14 2020 UTC","u":1597513634}
{"s":1,"f":"options.cpp","i":91,"m":"Cannot set unknown or invalid flag: enable_windows_events_subscriber","h":"24D8FD7C-8AE0-411A-94DE-552134C73926","c":"Sat Aug 15 17:47:14 2020 UTC","u":1597513634}
These are new as of 4.4.0 - see this thread: https://osquery.slack.com/archives/C0FHNQ2N6/p1596132276274800 Am I referencing them wrong for Fleet? Or does Fleet need to be updated to support this change?
s

seph

08/16/2020, 1:07 AM
(no, I think I misread something)
z

zwass

08/17/2020, 4:01 PM
This is a log from osquery, yeah? Looks to me like you are setting the flag appropriately based on Stefano's description.
d

defensivedepth

08/18/2020, 7:05 PM
derp user error. That was a log from osquery on centos, which makes sense that it cant set that flag.
Nothing to see here, move along 👌
z

zwass

08/18/2020, 7:06 PM
Nice 🙂
Powered by