https://github.com/osquery/osquery logo
Powered by
Title
k

Konstantin

09/05/2018, 10:48 AM
Hello! How can I deploy (and convert may be) this config https://github.com/palantir/osquery-configuration/blob/master/Servers/Linux/osquery.conf via fleet? I find nothing about it in docs. I use a Fleet from docker image.
b

brandon

09/05/2018, 8:35 PM
fleetctl convert -f /path/to/osquery.conf > osquery.yml
fleetctl apply -f osquery.yml
If you haven't done this before, you may have to 
fleetctl config set --address <https://your.fleet.address>
and 
fleetctl login
k

Konstantin

09/05/2018, 8:43 PM
fleetctl convert
not works for this config. It returns almost empty yml 
cat osquery.conf.yml
---
apiVersion: v1
kind: pack
spec:
  name: osquery
  targets:
    labels: null
I devided that config in separate files (FIM settings, queries pack, settings), did some manual editing and voila - 
fleetctl convert
did job perfectly.
b

brandon

09/06/2018, 9:37 PM
Hmm. Good to know. I've converted files containing packs and queries together, but never with everything in one file.
3 Views
#kolideJoin Slack
Powered by