Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
g
Gavin
12/02/2019, 7:15 PMI think this has been covered before but can launcher be used to configure multiple sources ?
m
Matt K
12/02/2019, 7:35 PMWhen you say
sourcesFleets
seph
12/02/2019, 7:46 PMIf you mean servers, no. But you can run multiple launchers.
m
Matt K
12/02/2019, 8:27 PM@seph so in theory I could have a launcher for a private/internal network Fleet server and then another launcher that connects to a "public internet" Fleet server?
s
seph
12/02/2019, 8:32 PMSure. Make sure they have different root directories, etc.
When I’m testing things, I often run a bunch of different launchers on a machine. It’s just a binary.
m
Matt K
12/02/2019, 8:33 PMNeat; now to find a way to limit the available tables in one of the launcher/osquery instances and I could implement a stretch goal (internal Fleet servers have access to the full osquery table-set, public Fleet server is locked down to a few small tables like sysinfo, wifi_survey, etc.)
i.e. helping geolocate a laptop if its stolen, while limiting exposure/risk having a Fleet server publically accessible (Fleet/osquery + Wigle = poor man's lojack)
s
seph
12/02/2019, 8:35 PMYou would need to patch launcher to setup a table blacklist.
I’m curious about the use case of two fleet severs like that.
g
Gavin
12/02/2019, 9:16 PMI was meaning single launcher to a different TLS server direct but we can just run a separate osquery for this if needed
s
seph
12/02/2019, 9:17 PMYou can run as many launchers as you want to.