@zwass Fleet 2.6, osquery 4.4.0 -

fleetctl get options

--> https://gist.github.com/defensivedepth/4bdcdaa29dca243267548539bb9b235b I am seeing:

{"s":1,"f":"options.cpp","i":91,"m":"Cannot set unknown or invalid flag: enable_windows_events_publisher","h":"24D8FD7C-8AE0-411A-94DE-552134C73926","c":"Sat Aug 15 17:47:14 2020 UTC","u":1597513634}
{"s":1,"f":"options.cpp","i":91,"m":"Cannot set unknown or invalid flag: enable_windows_events_subscriber","h":"24D8FD7C-8AE0-411A-94DE-552134C73926","c":"Sat Aug 15 17:47:14 2020 UTC","u":1597513634}

These are new as of 4.4.0 - see this thread: https://osquery.slack.com/archives/C0FHNQ2N6/p1596132276274800 Am I referencing them wrong for Fleet? Or does Fleet need to be updated to support this change?

(no, I think I misread something)

This is a log from osquery, yeah? Looks to me like you are setting the flag appropriately based on Stefano's description.

derp user error. That was a log from osquery on centos, which makes sense that it cant set that flag.

Nice 🙂