I think this has been covered before but can launc...
# kolideg
Gavin
12/02/2019, 7:15 PMI think this has been covered before but can launcher be used to configure multiple sources ?
m
Matt K
12/02/2019, 7:35 PMWhen you say
sourcesFleets
seph
12/02/2019, 7:46 PM
If you mean servers, no. But you can run multiple launchers.
m
Matt K
12/02/2019, 8:27 PM@seph so in theory I could have a launcher for a private/internal network Fleet server and then another launcher that connects to a "public internet" Fleet server?
s
seph
12/02/2019, 8:32 PM
Sure. Make sure they have different root directories, etc.
seph
12/02/2019, 8:32 PM
When I’m testing things, I often run a bunch of different launchers on a machine. It’s just a binary.
m
Matt K
12/02/2019, 8:33 PMNeat; now to find a way to limit the available tables in one of the launcher/osquery instances and I could implement a stretch goal (internal Fleet servers have access to the full osquery table-set, public Fleet server is locked down to a few small tables like sysinfo, wifi_survey, etc.)
Matt K
12/02/2019, 8:33 PMi.e. helping geolocate a laptop if its stolen, while limiting exposure/risk having a Fleet server publically accessible (Fleet/osquery + Wigle = poor man's lojack)
s
seph
12/02/2019, 8:35 PM
You would need to patch launcher to setup a table blacklist.
seph
12/02/2019, 8:35 PM
I’m curious about the use case of two fleet severs like that.
g
Gavin
12/02/2019, 9:16 PMI was meaning single launcher to a different TLS server direct but we can just run a separate osquery for this if needed
s
seph
12/02/2019, 9:17 PM
You can run as many launchers as you want to.