From 7dc7e6916c318cc6e2e1eb389fd3dd761b5de27d Mon Sep 17 00:00:00 2001
From: Chris Long
Date: Mon, 1 Jun 2020 22:51:14 -0700
Subject: [PATCH] ESXi RAM Bump, osquery fixes
---
 ESXi/main.tf | 2 +-
 Vagrant/bootstrap.sh | 1 +
 Vagrant/scripts/install-osquery.ps1 | 2 ++
 3 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/ESXi/main.tf b/ESXi/main.tf
index ca911ab..1b0d673 100644
--- a/ESXi/main.tf
+++ b/ESXi/main.tf
@@ -72,7 +72,7 @@ resource "esxi_guest" "dc" {
 boot_disk_type = "thin"
 boot_disk_size = "35"
- memsize = "2048"
+ memsize = "4096"
 numvcpus = "2"
 resource_pool_name = "/"
 power = "on"
diff --git a/Vagrant/bootstrap.sh b/Vagrant/bootstrap.sh
index 35ccaed..4e6b2b8 100644
--- a/Vagrant/bootstrap.sh
+++ b/Vagrant/bootstrap.sh
@@ -269,6 +269,7 @@ import_osquery_config_into_fleet() {
 # Don't log osquery INFO messages
 fleetctl get options > /tmp/options.yaml
 /usr/bin/yq w -i /tmp/options.yaml 'spec.config.options.logger_min_status' '1'
+ /usr/bin/yq w -i /tmp/options.yaml 'spec.config.options.logger_snapshot_event_type' '2'
 fleetctl apply -f /tmp/options.yaml
 # Use fleetctl to import YAML files
diff --git a/Vagrant/scripts/install-osquery.ps1 b/Vagrant/scripts/install-osquery.ps1
index e5ffec3..0cd42a7 100755
--- a/Vagrant/scripts/install-osquery.ps1
+++ b/Vagrant/scripts/install-osquery.ps1
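Review bot: The value `'2'` written to `spec.config.options.logger_snapshot_event_type` on the added line in Vagrant/bootstrap.sh looks wrong: as far as I know osquery treats that option as a boolean, so `'2'` may be rejected or ignored and snapshot results would keep being logged in the default format. If a boolean is intended, write `/usr/bin/yq w -i /tmp/options.yaml 'spec.config.options.logger_snapshot_event_type' 'true'` and confirm the stored value with `fleetctl get options` after the apply. Separately, the fetch, both edits and the apply all use the fixed path `/tmp/options.yaml` and nothing checks whether `fleetctl get options` succeeded, so an empty or stale file would be edited and applied as-is; a `mktemp` file plus `|| return` on the fetch would cover both. The body of `import_osquery_config_into_fleet` starts and ends outside the hunk.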
@@ -26,6 +26,8 @@ If (-not ($service)) {
 (Get-Content "c:\Program Files\osquery\osquery.flags") -replace 'path\\to\\file\\containing\\secret.txt', 'Program Files\osquery\kolide_secret.txt' | Set-Content "c:\Program Files\osquery\osquery.flags"
 ## Change path to certfile
 (Get-Content "c:\Program Files\osquery\osquery.flags") -replace 'c:\\ProgramData\\osquery\\certfile.crt', 'c:\Program Files\osquery\certfile.crt' | Set-Content "c:\Program Files\osquery\osquery.flags"
+ ## Remove the verbose flag and replace it with the logger_min_status=1 option (See https://github.com/osquery/osquery/issues/5212)
+ (Get-Content "c:\Program Files\osquery\osquery.flags") -replace '--verbose=true', '--logger_min_status=1' | Set-Content "c:\Program Files\osquery\osquery.flags"
 ## Add certfile.crt
 Copy-Item "c:\vagrant\resources\fleet\server.crt" "c:\Program Files\osquery\certfile.crt"
 ## Start the service
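Review bot: The added `-replace '--verbose=true', '--logger_min_status=1'` line succeeds silently when osquery.flags does not contain that exact string (a bare `--verbose`, say, or a changed upstream template), so the agent would keep its verbose setting with no sign of it during provisioning. A check right after the rewrite would surface that: `if (-not (Select-String -Path "c:\Program Files\osquery\osquery.flags" -Pattern 'logger_min_status=1' -Quiet)) { Write-Warning "osquery.flags: logger_min_status not set" }`. This is also the third full read-and-rewrite of the same file in a row; chaining the three `-replace` operations on one `Get-Content` would leave a single write to verify. The enclosing `If (-not ($service))` block starts and ends outside the hunk.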