From 0046e1d240bf947697580d348b78113e28bb5a2b Mon Sep 17 00:00:00 2001
From: Victor Palma <palma.victor@gmail.com>
Date: Tue, 23 Oct 2018 00:36:25 -0500
Subject: [PATCH] fix osquery filesystem logging

  This fixes the issue where osquery does not log locally; making
  the elk_metrics_6x integration possible.

Change-Id: Ice506018757dee5ee02ef7fa0593ce06aae9c515
---
 osquery/vars/variables.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/osquery/vars/variables.yml b/osquery/vars/variables.yml
index 188d52a1..3a80601b 100644
--- a/osquery/vars/variables.yml
+++ b/osquery/vars/variables.yml
@@ -10,7 +10,7 @@ osquery_flags:
   - "--tls_hostname={{ hostvars[groups['kolide-fleet_all'][0]]['ansible_host'] }}:443"
   - "--host_identifier=hostname"
   - "--enroll_tls_endpoint=/api/v1/osquery/enroll"
-  - "--config_plugin=tls"
+  - "--config_plugin=filesystem,tls"
   - "--config_tls_endpoint=/api/v1/osquery/config"
   - "--config_tls_refresh=10"
   - "--disable_distributed=false"