fleet/examples/config-many-files/config.yml

---
apiVersion: k8s.kolide.com/v1alpha1
kind: OsqueryOptions
spec:
  config:
    options:
      distributed_interval: 3
      distributed_tls_max_attempts: 3
      logger_plugin: tls
      logger_tls_endpoint: /api/v1/osquery/log
      logger_tls_period: 10
  overrides:
    # Note configs in overrides take precedence over the default config defined
    # under the config key above. With this config file, the base config would
    # only be used for Windows hosts, while Mac and Linux hosts would pull
    # these overrides.
    platforms:
      darwin:
        options:
          distributed_interval: 10
          distributed_tls_max_attempts: 10
          logger_plugin: tls
          logger_tls_endpoint: /api/v1/osquery/log
          logger_tls_period: 300
          disable_tables: chrome_extensions
          docker_socket: /var/run/docker.sock
        file_paths:
          users:
            - /Users/%/Library/%%
            - /Users/%/Documents/%%
          etc:
            - /etc/%%
      linux:
        options:
          distributed_interval: 10
          distributed_tls_max_attempts: 3
          logger_plugin: tls
          logger_tls_endpoint: /api/v1/osquery/log
          logger_tls_period: 60
          schedule_timeout: 60
          docker_socket: /etc/run/docker.sock
        file_paths:
          homes:
            - /root/.ssh/%%
            - /home/%/.ssh/%%
          etc:
            - /etc/%%
          tmp:
            - /tmp/%%
        exclude_paths:
          homes:
            - /home/not_to_monitor/.ssh/%%
          tmp:
            - /tmp/too_many_events/
Remove OsqueryQueries file type (#1622) 2017-11-16 02:10:11 +03:00			`---`
Making the file format more operator friendly (#1605) 2017-11-14 04:11:08 +03:00			`apiVersion: k8s.kolide.com/v1alpha1`
			`kind: OsqueryOptions`
Initial CLI and file format for fleetctl This PR implements a program called `fleetctl` which scaffolds a high level CLI interface which can be used to manage a Fleet server. Configuration is articulated using an intent-based API that resembles the API that is used to configure Kubernetes clusters. The idea here is to use the Kubernetes file format as a pattern to reduce the need for operators to become too intimately familiar with dramatically different file formats. (#1578) 2017-11-12 21:58:19 +03:00			`spec:`
			`config:`
Transition osquery options interfaces for compatibility with fleetctl (#1649) - Refinements to options yaml definition - Datastore and service implementations - Migration to bring existing options into new table format 2017-12-14 02:14:54 +03:00			`options:`
			`distributed_interval: 3`
			`distributed_tls_max_attempts: 3`
			`logger_plugin: tls`
			`logger_tls_endpoint: /api/v1/osquery/log`
			`logger_tls_period: 10`
Make OsqueryOptions hierarchical by platform (#1625) - Allow overriding base config on a per-platform basis. - Merge FIM configs into the OsqueryOptions object. 2017-11-16 21:58:47 +03:00			`overrides:`
Transition osquery options interfaces for compatibility with fleetctl (#1649) - Refinements to options yaml definition - Datastore and service implementations - Migration to bring existing options into new table format 2017-12-14 02:14:54 +03:00			`# Note configs in overrides take precedence over the default config defined`
			`# under the config key above. With this config file, the base config would`
			`# only be used for Windows hosts, while Mac and Linux hosts would pull`
			`# these overrides.`
Make OsqueryOptions hierarchical by platform (#1625) - Allow overriding base config on a per-platform basis. - Merge FIM configs into the OsqueryOptions object. 2017-11-16 21:58:47 +03:00			`platforms:`
			`darwin:`
Transition osquery options interfaces for compatibility with fleetctl (#1649) - Refinements to options yaml definition - Datastore and service implementations - Migration to bring existing options into new table format 2017-12-14 02:14:54 +03:00			`options:`
			`distributed_interval: 10`
			`distributed_tls_max_attempts: 10`
			`logger_plugin: tls`
			`logger_tls_endpoint: /api/v1/osquery/log`
			`logger_tls_period: 300`
			`disable_tables: chrome_extensions`
			`docker_socket: /var/run/docker.sock`
			`file_paths:`
			`users:`
			`- /Users/%/Library/%%`
			`- /Users/%/Documents/%%`
			`etc:`
			`- /etc/%%`
Make OsqueryOptions hierarchical by platform (#1625) - Allow overriding base config on a per-platform basis. - Merge FIM configs into the OsqueryOptions object. 2017-11-16 21:58:47 +03:00			`linux:`
Transition osquery options interfaces for compatibility with fleetctl (#1649) - Refinements to options yaml definition - Datastore and service implementations - Migration to bring existing options into new table format 2017-12-14 02:14:54 +03:00			`options:`
			`distributed_interval: 10`
			`distributed_tls_max_attempts: 3`
			`logger_plugin: tls`
			`logger_tls_endpoint: /api/v1/osquery/log`
			`logger_tls_period: 60`
			`schedule_timeout: 60`
			`docker_socket: /etc/run/docker.sock`
			`file_paths:`
			`homes:`
			`- /root/.ssh/%%`
			`- /home/%/.ssh/%%`
			`etc:`
			`- /etc/%%`
			`tmp:`
			`- /tmp/%%`
			`exclude_paths:`
			`homes:`
			`- /home/not_to_monitor/.ssh/%%`
			`tmp:`
			`- /tmp/too_many_events/`