0046e1d240
This fixes the issue where osquery does not log locally; making the elk_metrics_6x integration possible. Change-Id: Ice506018757dee5ee02ef7fa0593ce06aae9c515
28 lines
1.1 KiB
YAML
28 lines
1.1 KiB
YAML
---
|
|
kolide_fleet_ssl_cert: /etc/ssl/certs/fleet.cert
|
|
kolide_fleet_ssl_key: /etc/ssl/private/fleet.key
|
|
kolide_fleet_ssl_ca_cert: /etc/ssl/certs/fleet-ca.pem
|
|
kolide_fleet_ssl_pem: /etc/ssl/private/fleet.pem
|
|
|
|
osquery_enroll_secret_file: /etc/osquery/osquery_enroll_secret
|
|
osquery_flags:
|
|
- "--tls_server_certs={{ kolide_fleet_ssl_cert }}"
|
|
- "--tls_hostname={{ hostvars[groups['kolide-fleet_all'][0]]['ansible_host'] }}:443"
|
|
- "--host_identifier=hostname"
|
|
- "--enroll_tls_endpoint=/api/v1/osquery/enroll"
|
|
- "--config_plugin=filesystem,tls"
|
|
- "--config_tls_endpoint=/api/v1/osquery/config"
|
|
- "--config_tls_refresh=10"
|
|
- "--disable_distributed=false"
|
|
- "--distributed_plugin=tls"
|
|
- "--distributed_interval=10"
|
|
- "--distributed_tls_max_attempts=3"
|
|
- "--distributed_tls_read_endpoint=/api/v1/osquery/distributed/read"
|
|
- "--distributed_tls_write_endpoint=/api/v1/osquery/distributed/write"
|
|
- "--logger_path=/var/log/osquery"
|
|
- "--logger_plugin=filesystem,tls"
|
|
- "--logger_tls_endpoint=/api/v1/osquery/log"
|
|
- "--logger_tls_period=10"
|
|
- "--enroll_secret_path={{ osquery_enroll_secret_file }}"
|
|
- "--pidfile=/var/run/osqueryd.pid"
|