https://github.com/osquery/osquery logo
Join Slack
Powered by
Hello! How can I deploy (and convert may be) this ...
# kolide
k
Hello! How can I deploy (and convert may be) this config https://github.com/palantir/osquery-configuration/blob/master/Servers/Linux/osquery.conf via fleet? I find nothing about it in docs. I use a Fleet from docker image.
b
Copy code
fleetctl convert -f /path/to/osquery.conf > osquery.yml
fleetctl apply -f osquery.yml
If you haven't done this before, you may have to 
fleetctl config set --address <https://your.fleet.address>
and 
fleetctl login
k
Copy code
fleetctl convert
not works for this config. It returns almost empty yml
Copy code
cat osquery.conf.yml
---
apiVersion: v1
kind: pack
spec:
  name: osquery
  targets:
    labels: null
I devided that config in separate files (FIM settings, queries pack, settings), did some manual editing and voila -
Copy code
fleetctl convert
did job perfectly.
b
Hmm. Good to know. I've converted files containing packs and queries together, but never with everything in one file.
3 Views
Open in Slack
PreviousNext
Powered by