From 49231f19beb3b066ca0fb349b6f171743b3d66af Mon Sep 17 00:00:00 2001 From: Katheryn Satterlee Date: Mon, 27 Jan 2025 13:35:46 -0600 Subject: [PATCH] Update agent-configuration.md (#25740) - Updated the query suggested to view all osquery flags - Added a note that running this query through osqueryi will not reflect the settings in use by osqueryd. # Checklist for submitter If some of the following don't apply, delete the relevant line. Documentation only change --------- Co-authored-by: Rachael Shaw --- docs/Configuration/agent-configuration.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/Configuration/agent-configuration.md b/docs/Configuration/agent-configuration.md index 36158f76f0f0..75d75a04caec 100644 --- a/docs/Configuration/agent-configuration.md +++ b/docs/Configuration/agent-configuration.md @@ -53,10 +53,10 @@ config: To see a description for all available settings, first [enroll your host](https://fleetdm.com/guides/enroll-hosts) to Fleet. Then, open your **Terminal** app and run `sudo orbit shell` to open an interactive osquery shell. Then run the following osquery query: ``` -osquery > SELECT name, value, description FROM osquery; +osquery > SELECT name, default_value, value, description FROM osquery_flags; ``` -You can also run this query to verify that the latest settings have been applied to your hosts. +> Running the interactive osquery shell loads a standalone instance of osquery, with a default configuration rather than the one set in `Agent options`. If you'd like to verify that your hosts are running with the latest settings set in `options`, run the query as a live query through Fleet. > If you revoked an old enroll secret, the `command_line_flags` won't update for hosts that enrolled to Fleet using this old enroll secret. This is because fleetd uses the enroll secret to receive new flags from Fleet. For these hosts, all existing features will work as expected.
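Review bot: The added query still selects `value`, but the new note says `sudo orbit shell` starts a standalone osquery instance with a default configuration, so the `value` column a reader sees in that shell is not what osqueryd is running with. Say so directly beside the query, for example that `value` reflects the host's applied settings only when the query is run as a live query through Fleet, so nobody treats the shell output as confirmation that a setting was applied. The note also calls the same setting `Agent options` in its first sentence and `options` in its second; use one name in both. Last, the fenced line keeps the `osquery > ` prompt prefix, so copying the whole line into the shell will not run as is; consider dropping the prompt from the block.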