Hi everyone I have a problem when I config command line flag

Question

Hi everyone I have a problem when I config command line flags in Agent options in Fleet UI the config of agents not be updated throught the configuration of command line flags I checked it by query osquery flags table and received results that flag in table are not updated What did I do wrong Thanks

Kathy Satterlee · Answer

Hi < dinh bui> Are you using plain osquery on your hosts or Fleet s installer packages

dinh.bui · Answer

Hi < Kathy Satterlee> I m using orbit that was build from fleetctl

Kathy Satterlee · Answer

Perfect Can you show me what your configuration looks like The most likely culprit is that the ` ` was left in there This won t work ```command line flags enable file events true``` This will ```command line flags enable file events true```

dinh.bui · Answer

Of course This is my full configuration in Agent options ```config options pack delimiter logger tls period 10 distributed plugin tls disable distributed false logger tls endpoint api osquery log distributed interval 10 distributed tls max attempts 3 decorators load SELECT version FROM osquery info SELECT uuid AS host uuid FROM system info always gt SELECT user AS username FROM logged in users WHERE user lt gt ORDER BY time LIMIT 1 command line flags events max 500000 audit persist true disable audit false events expiry 1 disable events false audit allow config true enable file events true logger rotate size 26214400 audit allow sockets true watchdog memory limit 150 logger rotate max files 5 audit allow process events true watchdog utilization limit 130```

dinh.bui · Answer

I read section Manage osquery flags remotely with Orbit in this link <https fleetdm com releases fleet 4 21 0> Orbit regularly checks flags from Fleet according to the `distributed interval` setting And I config the flag distributed interval=10 in the opt orbit osquery flags It did not work By the way do you know how long the orbit will fetch the flag configuration that was config in Fleet UI