
chrismsnz

02/21/2023, 10:37 PM
Just a thing I ran into regarding: https://fleetdm.com/docs/deploying/faq#what-api-endpoints-should-i-expose-to-the-public-internet It doesn't mention /api/osquery/log which is where the scheduled queries/packs etc return to by default. Not sure why it's not /api/v1/osquery/log or something

Kathy Satterlee

02/21/2023, 10:58 PM
Hey @chrismsnz! It's generally recommended to use the /api/v1/ formatting for endpoints. There are some changes in the works for the API that are slowly being implemented, so some endpoints will work without the version, but all endpoints will work with the version specified. Both /api/v1/osquery/log and /api/osquery/log will work. I see that we've got some references to /api/osquery/log in the configuration documentation, I'll get that updated to use the standard endpoint.

chrismsnz

02/21/2023, 11:00 PM
Ah ok they both work! I'll change the agent config then. Thanks

Kathy Satterlee

02/21/2023, 11:01 PM
Any time.

chrismsnz

02/21/2023, 11:02 PM
I don't remember changing this file so I suspect it's Fleet's out of the box agent config

Kathy Satterlee

02/21/2023, 11:03 PM
I'm going to run that part up the flagpole 🙂
Just an FYI, this has spurred some internal discussion. We'll be moving everything in the docs and the default flag files for Orbit to use the /api/osquery/ endpoints and updating the docs to reflect that. The versioned endpoint will still work and I'll make sure that's called out in the docs as well for backward compatibility :)

chrismsnz

02/22/2023, 8:28 PM
Sweet, thanks for the update - will keep it in mind going forward