ESXi RAM Bump, osquery fixes

ESXi/main.tf

@@ -72,7 +72,7 @@ resource "esxi_guest" "dc" {
   boot_disk_type = "thin"
   boot_disk_size = "35"
 
-  memsize            = "2048"
+  memsize            = "4096"
   numvcpus           = "2"
   resource_pool_name = "/"
   power              = "on"

Vagrant/bootstrap.sh

@@ -269,6 +269,7 @@ import_osquery_config_into_fleet() {
   # Don't log osquery INFO messages
   fleetctl get options > /tmp/options.yaml
   /usr/bin/yq w -i /tmp/options.yaml 'spec.config.options.logger_min_status' '1'
+  /usr/bin/yq w -i /tmp/options.yaml 'spec.config.options.logger_snapshot_event_type' '2'
   fleetctl apply -f /tmp/options.yaml
 
   # Use fleetctl to import YAML files

Vagrant/scripts/install-osquery.ps1

@@ -26,6 +26,8 @@ If (-not ($service)) {
   (Get-Content "c:\Program Files\osquery\osquery.flags") -replace 'path\\to\\file\\containing\\secret.txt', 'Program Files\osquery\kolide_secret.txt' | Set-Content "c:\Program Files\osquery\osquery.flags"
   ## Change path to certfile
   (Get-Content "c:\Program Files\osquery\osquery.flags") -replace 'c:\\ProgramData\\osquery\\certfile.crt', 'c:\Program Files\osquery\certfile.crt' | Set-Content "c:\Program Files\osquery\osquery.flags"
+  ## Remove the verbose flag and replace it with the logger_min_status=1 option (See https://github.com/osquery/osquery/issues/5212)
+  (Get-Content "c:\Program Files\osquery\osquery.flags") -replace '--verbose=true', '--logger_min_status=1' | Set-Content "c:\Program Files\osquery\osquery.flags"
   ## Add certfile.crt
   Copy-Item "c:\vagrant\resources\fleet\server.crt" "c:\Program Files\osquery\certfile.crt"
   ## Start the service