Hey how can I force osqueryd daemons to restart uppon an upd

Question

Hey how can I force osqueryd daemons to restart uppon an update in the config flags from the server I tried the `force=True` flag but its not working

zwass · Answer

You can t force a restart of osquery from the remote APIs It s not supported by osquery Many configs can be dynamically changed while osquery is running though What are you trying to change

Julian Scala · Answer

The loggin plugin from `tls` to `aws kinesis`

Julian Scala · Answer

Is there a place where I can get which flags can be dynamically changed Also maybe which flags MUST live on the flags file and which we can set from server config

Julian Scala · Answer

Cant find details of that in the documentation

Erich Stoekl · Answer

A better way to change flags would be with your configuration management tooling How do you deploy osquery in the first place

Julian Scala · Answer

What you mean by configuration management toooling We update the config though `fleetctl`

zwass · Answer

He probably means however you are laying down osquery and the flagfile But I think you should be able to set the logging plugin via the TLS config Did it not work

zwass · Answer

Take a look at `osqueryd help` Top section is flag only options Lower section is flag or config options

Julian Scala · Answer

It works but requires the daemon to be restarted to start logging to the new plugin We switched from `tls` plugin to `kinesis` but does not take effect until the daemon is restarted Even tried to push the flag ` force=True` but also didnt work

zwass · Answer

the `force` flag is unrelated