The osquery shell and daemon use optional command-line (CLI) flags to control initialization, disable/enable features, and select plugins. These flags are powered by Google Flags and are somewhat complicated. Understanding how flags work in osquery will help with stability and greatly reduce issue debugging time.

Most flags apply to both tools, osqueryi and osqueryd. The shell contains a few more to help with printing and other helpful one-off modes of operation. Expect Linux, macOS, and Windows to include platform-specific flags too. Most platform-specific flags will control the OS API and library integrations used by osquery.

Warning, this list is still not the 'complete set' of flags. Refer to the techniques below for obtaining ground truth and check other components of this Wiki.

Flags that do not control startup settings may be included as "options" within configuration. Essentially, any flag needed to help osquery determine and discover a configuration must be supplied via command-line arguments. Google Flags enhances this to allow flags to be set within environment variables or via a "master" flag file.

To see a full list of flags for your osquery version use -help or select from the osquery_flags table:

    $ osqueryi

To see the flags that have been updated by your configuration, a flag file, or by the shell try:

    osquery> SELECT * FROM osquery_flags WHERE default_value <> value;

A special flag, part of Google Flags, can be used to read additional flags from a line-delimited file. On macOS and Linux this -flagfile is the recommended way to add/remove the following CLI-only initialization flags. Include line-delimited switches to be interpreted and used as CLI-flags:

    -config_plugin=custom_plugin

If no -flagfile is provided, osquery will try to find and use a "default" flagfile at /etc/osquery/. Both the shell and daemon will discover and use the defaults.
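An offline counterpart to the `osquery_flags` comparison described above, for reviewing a flagfile before it is deployed. This is an added example, not code from osquery: the sample flagfile and the `EXPECTED` baseline are constructed, and the parsing rules (skip blank lines and `#` comments, accept one or two leading dashes) are assumptions that cover only the line-delimited switch form shown on this page.

```python
# Added example (not osquery code): review a flagfile offline.
SAMPLE_FLAGFILE = """\
# constructed sample flagfile
-config_plugin=custom_plugin
--logger_plugin=filesystem

--verbose
config_path=/tmp/osquery.conf
-config_plugin=filesystem
"""

# Hypothetical baseline: values the reviewer expects for startup flags.
EXPECTED = {"config_plugin": "filesystem", "logger_plugin": "filesystem"}


def parse_flagfile(text):
    """Split line-delimited switches into (lineno, name, value) tuples.

    Assumption: blank lines and '#' comments are skipped, and one or two
    leading dashes are accepted. Anything else is returned as a problem.
    """
    flags, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.lstrip("-").partition("=")
        if not line.startswith("-") or not name:
            problems.append((lineno, line))
            continue
        # A bare switch such as --verbose carries no explicit value.
        flags.append((lineno, name, value if sep else None))
    return flags, problems


def audit(text, expected):
    """Return findings as (lineno, kind, detail), sorted by line number."""
    flags, problems = parse_flagfile(text)
    findings = [(n, "malformed", line) for n, line in problems]
    seen = {}
    for lineno, name, value in flags:
        if name in seen:
            findings.append((lineno, "duplicate", f"{name} first set on line {seen[name]}"))
        seen.setdefault(name, lineno)
        if name not in expected:
            findings.append((lineno, "unreviewed", name))
        elif value != expected[name]:
            findings.append((lineno, "drift", f"{name}={value} (expected {expected[name]})"))
    return sorted(findings)
```

Calling `audit(SAMPLE_FLAGFILE, EXPECTED)` reports the non-baseline `config_plugin`, the unreviewed bare switch, the line missing its leading dash, and the repeated `config_plugin` entry.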