@zwass Hey Zach. Last week I had some issues on boarding windows machines, where they were not picking up the correct override. By re-applying the config things seemed to work, but only for the devices already enrolled. We added a new one today and are running into the same issue, meanwhile the two existing windows clients are humming along nicely.

Is this immediately after enrolling? Does it still get the wrong config after the details update and Fleet knows the correct platform?

This is immediately after enrolling. The new PC is showing up just as a stub in fleet, and we are getting an error on the host (with verbose and tls_dump) that it can’t activate the file system logger plugin at /var/log/osquery/osqueryd.results.log

Does this cause osquery to shut down?

I believe so.

Ah yeah that makes sense. Fleet doesn't figure out that the host is Windows until it is able to run a distributed query to get the details. So the override doesn't apply.

Interesting. So fleet sends the default options, the windows one goes, well I can’t do that, and then stops.

Likely

Yeah, my issue is I don’t know what flavor of linux I will be managing down the road.

IIRC there is also a way to get some details during enrollment... I'm going to see what else I can find.

I’ll see what I can do as a work around for now - I might have to adjust the default logger.

Ah yeah actually osquery already sends details including platform by default... We could save this during the enrollment.

That would be awesome.