Gavin

12/02/2019, 7:15 PM
I think this has been covered before but can launcher be used to configure multiple sources?

Matt K

12/02/2019, 7:35 PM
When you say sources do you mean like Fleet servers?

seph

12/02/2019, 7:46 PM
If you mean servers, no. But you can run multiple launchers.

Matt K

12/02/2019, 8:27 PM
@seph so in theory I could have a launcher for a private/internal network Fleet server and then another launcher that connects to a "public internet" Fleet server?

seph

12/02/2019, 8:32 PM
Sure. Make sure they have different root directories, etc.
When I’m testing things, I often run a bunch of different launchers on a machine. It’s just a binary.

Matt K

12/02/2019, 8:33 PM
Neat; now to find a way to limit the available tables in one of the launcher/osquery instances and I could implement a stretch goal (internal Fleet servers have access to the full osquery table-set, public Fleet server is locked down to a few small tables like sysinfo, wifi_survey, etc.)
i.e. helping geolocate a laptop if it's stolen, while limiting exposure/risk having a Fleet server publicly accessible (Fleet/osquery + Wigle = poor man's lojack)

seph

12/02/2019, 8:35 PM
You would need to patch launcher to set up a table blacklist.
I’m curious about the use case of two fleet servers like that.

Gavin

12/02/2019, 9:16 PM
I was meaning single launcher to a different TLS server direct but we can just run a separate osquery for this if needed

seph

12/02/2019, 9:17 PM
You can run as many launchers as you want to.