Hi everyone I have a question about fleet options When setti

Question

Hi everyone I have a question about fleet options When setting an option in Fleet does that override the local osquery client option that s set in the flags file For example if we have logger plugin tls at Fleet but logger plugin tls filesystem configured on our clients which one wins

Dan Achin · Answer

Well someone here at my company confirmed that the Fleet settings DO in fact override the local flags If that s the case how do we set client OS specific things like if we wanted to add the windows event logger Can we make os specific stanzas

Gavin · Answer

zwass · Answer

specifically the `overrides` section

Dan Achin · Answer

thanks

Dan Achin · Answer

< zwass> < Gavin> do either of you know if the overrides could be done via a label or at least something more granular than OS I think it would be very powerful and flexible if we could target smaller groups of hosts even for testing a change that would be valuable < Seth Hanford> ^^ in case you want to follow this

Gavin · Answer

Zach is the person to answer sadly

Seth Hanford · Answer

In my experience overrides are OS specific and are an osquery ism not a fleet ism though Fleet pushes the config Happy to learn differently tho

Dan Achin · Answer

thanks guys fingers crossed

zwass · Answer

Overrides are a fleet ism and don t currently support what you are looking for The main reason for this is that hosts can be in multiple labels and it s not clear how the configs should be merged That said we are aware that folks desire to manage various configs at a finer grained level than platform and want to find a good way to support this Is there a specific subset of options you are interested in managing

zwass · Answer

To elaborate I believe certain configs can merge just fine eg `file paths` for FIM Others not so much eg `logger plugin tls aws kinesis` and `logger lugin tls filesystem` should a host get all three Which one overrides One idea is to allow hosts to be assigned to something similar to a label but with only a single assignment per host Then configs can be targeted to that new label thing without having to address the merging problem

Dan Achin · Answer

right that makes sense < zwass> Ya it s logger plugin that we are currently looking to set for windows only We ll just need another way to test that roll out in a sep env I m guessing

zwass · Answer

The override does let you set it for all windows hosts Do you need to target only a subset of Windows hosts You can always push the logger plugin config via flagfile and not set it in Fleet Then you can get more granular than the overrides allow if you have the capability to push different flagfiles to different hosts

Dan Achin · Answer

thanks < zwass> we use flag files but they are overridden by Fleet which i just learned

zwass · Answer

Yes but they won t be overridden if you don t set the value in Fleet

zwass · Answer

Or maybe just don t set the value in the `windows` override in the Fleet config

Dan Achin · Answer

hmmmm thinking about that right yes that s a good point so we could set a logger plugin= with no value in a windows section then control it all via flags would that work

Dan Achin · Answer

then we can at least manually test changes locally

Dan Achin · Answer

we could do this for all our OSs actually since we control our flags file in our config managment

Dan Achin · Answer

ok cool maybe we ll just take the logger plugin out all together and control locally will have to play around with that thanks for the suggestion

Dan Achin · Answer

Last question < zwass> is there a defined minimum set of config for options yaml in fleet settings that absolutely must be set even if there s a local config or can we actually control basically everything in flags

Dan Achin · Answer

i m thinking just the stuff under the options stanza btw

zwass · Answer

I can t think of any minimum set You should be able to leave it empty if you ve configured everything else necessary via flagfile or CLI flags

zwass · Answer

Then you can just configure packs queries via Fleet

Dan Achin · Answer

< zwass> a quick follow up on this We control our config files via puppet hiera and I m struggling to figure out where the settings I see when running `fleetctl get options`are stored so that we can get the file into our hiera The link sent by Gavin above shows them in a config yml file but I m not finding that file on our servers We do have etc fleet config yaml but that file contains things like redis and mysql connection info not client config options Similar question for where `fleetctl get config` info is stored since we d like to put that into hiera also

zwass · Answer

< Dan Achin> that file that Gavin referenced has a confusing name which I will fix now The settings for `fleetctl get options` osquery options are stored in the Fleet database The settings for `fleetctl get config` Fleet application config are also stored in the Fleet database

zwass · Answer

What many folks do is store those files in version control and then use `fleetctl apply f` to apply them to Fleet in their CI run

Dan Achin · Answer

ah

Dan Achin · Answer

ok that makes sense thanks

Dan Achin · Answer

i thought maybe they were in the DB but then there was that file