Fleet can be managed with configuration files (YAML syntax) and the fleetctl command line tool. This page tells you how to write these configuration files.
Changes are applied to Fleet when the configuration file is applied using fleetctl. Check out the [fleetctl documentation](../../Using-Fleet/fleetctl-CLI.md#using-fleetctl-to-configure-fleet) to learn how to apply configuration files.
The following file describes the labels which hosts should be automatically grouped into. The label resource should include the actual SQL query so that the label is self-contained:
The team agent options specify options that only apply to this team. When team-specific agent options have been specified, the agent options specified at the organization level are ignored for this team.
The documentation for this section is identical to the [Agent options](#agent-options) documentation for the organization settings, except that the YAML section where it is set must be as follows. (Note the `kind: team` key and the location of the `agent_options` key under `team` must have a `name` key to identify the team to configure.)
```yaml
apiVersion: v1
kind: team
spec:
team:
name: Client Platform Engineering
agent_options:
# the team-specific options go here
```
#### Secrets
The `secrets` section provides the list of enroll secrets that will be valid for this team. If the section is missing, the existing secrets are left unmodified. Otherwise, they are replaced with this list of secrets for this team.
All possible settings are organized below by section.
Each section's key must be one level below the `spec` key, indented with spaces (not `<tab>` charaters) as required by the YAML format.
For example, when adding the `host_expiry_settings.host_expiry_enabled` setting, you'd specify the `host_expiry_settings` section one level below the `spec` key:
```yaml
apiVersion: v1
kind: config
spec:
host_expiry_settings:
host_expiry_enabled: true
```
#### Features
The `features` section of the configuration YAML lets you define what predefined queries are sent to the hosts and later on processed by Fleet for different functionalities.
> Note: this section used to be named `host_settings`, but was renamed in Fleet v4.20.0,
> `host_settings` is still supported for backwards compatibility.
##### features.additional_queries
This is the additional information to collect from hosts along with the host details. This information will be updated at the same time as other host details and is returned by the API when host objects are returned. Users must take care to keep the data returned by these queries small in order to mitigate potential performance impacts on the Fleet server.
- Optional setting (dictionary of key-value strings)
- Default value: none (empty)
- Config file format:
```
features:
additional_queries:
time: SELECT * FROM time
macs: SELECT mac FROM interface_details
```
- Deprecated config file format:
```
host_settings:
additional_queries:
time: SELECT * FROM time
macs: SELECT mac FROM interface_details
```
##### features.enable_host_users
Whether or not Fleet sends the query needed to gather user-related data from hosts.
- Optional setting (boolean)
- Default value: `true`
- Config file format:
```
features:
enable_host_users: false
```
- Deprecated config file format:
```
host_settings:
enable_host_users: false
```
##### features.enable_software_inventory
Whether or not Fleet sends the query needed to gather the list of software installed on hosts, along with other metadata.
The `host_expiry_settings` section lets you define if and when hosts should be removed from Fleet if they have not checked in. Once a host has been removed from Fleet, it will need to re-enroll with a valid `enroll_secret` to connect to your Fleet instance.
Whether offline hosts' expiration is enabled. If `host_expiry_enabled` is set to `true`, Fleet allows automatic cleanup of hosts that have not communicated with Fleet in some number of days.
- Optional setting (boolean)
- Default value: `false`
- Config file format:
```
host_expiry_settings:
host_expiry_enabled: true
```
##### host_expiry_settings.host_expiry_window
If a host has not communicated with Fleet in the specified number of days, it will be removed.
- Optional setting (integer)
- Default value: `0` (must be > 0 when enabling host expiry)
- Config file format:
```
host_expiry_settings:
host_expiry_window: 10
```
#### Integrations
For more information about integrations and Fleet automations in general, see the [Automations documentation](../../Using-Fleet/Automations.md). Only one automation can be enabled for a given automation type (e.g., for failing policies, only one of the webhooks, the Jira integration, or the Zendesk automation can be enabled).
It's recommended to use the Fleet UI to configure integrations since secret credentials (in the form of an API token) must be provided. See the [Automations documentation](../../Using-Fleet/Automations.md) for the UI configuration steps.
#### Organization information
##### org_info.org_name
The name of the organization.
- Required setting (string)
- Default value: none (provided during Fleet setup)
- Config file format:
```
org_info:
org_name: Fleet
```
##### org_info.org_logo_url
The URL of the logo of the organization.
- Optional setting (string)
- Default value: none (uses Fleet's logo)
- Config file format:
```
org_info:
org_logo_url: https://example.com/logo.png
```
#### Server settings
##### server_settings.debug_host_ids
There's a lot of information coming from hosts, but it's sometimes useful to see exactly what a host is returning in order
to debug different scenarios.
For example, let's say the hosts with ids 342 and 98 are not behaving as you expect in Fleet. You can enable verbose
logging with the following configuration:
```yaml
---
apiVersion: v1
kind: config
spec:
server_settings:
debug_host_ids:
- 342
- 98
```
Once you have collected the logs, you can easily disable the debug logging by applying the following configuration:
```yaml
---
apiVersion: v1
kind: config
spec:
server_settings:
debug_host_ids: []
```
> **Warning:** This will potentially log a lot of data. Some of that data might be private. Please verify it before posting it
in a public channel or a GitHub issue.
- Optional setting (array of integers)
- Default value: empty
- Config file format:
```
server_settings:
debug_host_ids:
- 342
- 98
```
##### server_settings.deferred_save_host
Whether saving host-related information is done synchronously in the HTTP handler of the host's request, or asynchronously. This can provide better performance in deployments with many hosts. Note that this is an **experimental feature**.
- Optional setting (boolean)
- Default value: `false`
- Config file format:
```
server_settings:
deferred_save_host: true
```
##### server_settings.enable_analytics
If sending usage analytics is enabled or not.
- Optional setting (boolean)
- Default value: `true`
- Config file format:
```
server_settings:
enable_analytics: false
```
##### server_settings.live_query_disabled
If the live query feature is disabled or not.
- Optional setting (boolean)
- Default value: `false`
- Config file format:
```
server_settings:
live_query_disabled: true
```
##### server_settings.server_url
The base URL of the fleet server, including the scheme (e.g. "https://").
- Required setting (string)
- Default value: none (provided during Fleet setup)
- Config file format:
```
server_settings:
server_url: https://fleet.example.org:8080
```
#### SMTP settings
It's recommended to use the Fleet UI to configure SMTP since a secret password must be provided. Navigate to **Settings -> Organization settings -> SMTP Options** to proceed with this configuration.
For additional information on SSO configuration, including just-in-time (JIT) user provisioning, creating SSO users in Fleet, and identity providers configuration, see [Configuring single sign-on (SSO)](../../Deploying/Configuration.md#configuring-single-sign-on-sso).
##### sso_settings.enable_jit_provisioning
**Available in Fleet Premium**. Enables [just-in-time user provisioning](../../Deploying/Configuration.md#just-in-time-jit-user-provisioning).
- Optional setting (boolean)
- Default value: `false`
- Config file format:
```
sso_settings:
enable_jit_provisioning: true
```
##### sso_settings.enable_sso
Configures if single sign-on is enabled.
- Optional setting (boolean)
- Default value: `false`
- Config file format:
```
sso_settings:
enable_sso: true
```
##### sso_settings.enable_sso_idp_login
Allow single sign-on login initiated by identity provider.
- Optional setting (boolean)
- Default value: `false`
- Config file format:
```
sso_settings:
enable_sso_idp_login: true
```
##### sso_settings.entity_id
The required entity ID is a Uniform Resource Identifier (URI) that you use to identify Fleet when configuring the identity provider. It must exactly match the Entity ID field used in identity provider configuration.
- Required setting if SSO is enabled, must have at least 5 characters (string)
- Default value: ""
- Config file format:
```
sso_settings:
entity_id: "https://example.com"
```
##### sso_settings.idp_image_url
An optional link to an image such as a logo for the identity provider.
- Optional setting (string)
- Default value: ""
- Config file format:
```
sso_settings:
idp_image_url: "https://example.com/logo"
```
##### sso_settings.idp_name
A required human-friendly name for the identity provider that will provide single sign-on authentication.
Path to a directory on the local filesystem (accessible to the Fleet server) where the various vulnerability databases will be stored.
- Optional setting, must be set to enable vulnerability detection (string).
- Default value: "".
- Config file format:
```
vulnerability_settings:
databases_path: "/path/to/dir"
```
#### Webhook settings
For more information about webhooks and Fleet automations in general, see the [Automations documentation](../../Using-Fleet/Automations.md).
##### webhook_settings.interval
The interval at which to check for webhook conditions. This value currently configures both the host status and failing policies webhooks, but not the recent vulnerabilities webhook. (See the [Recent vulnerabilities section](#recent-vulnerabilities) for details.)
Defines whether to enable the failing policies webhook. Note that currently, if the failing policies webhook and the `osquery.enable_async_host_processing` options are set, some failing policies webhooks could be missing. Some transitions from succeeding to failing or vice-versa could happen without triggering a webhook request.
Maximum number of hosts to batch on `POST` requests. A value of `0`, the default, means no batching. All hosts failing a policy will be sent on one `POST` request.
The following options allow the configuration of a webhook that will be triggered if the specified percentage of hosts are offline for the specified amount of time.
The following options allow the configuration of a webhook that will be triggered if recently published vulnerabilities are detected and there are affected hosts. A vulnerability is considered recent if it has been published in the last 30 days (based on the National Vulnerability Database, NVD).
Note that the recent vulnerabilities webhook is not checked at `webhook_settings.interval` like other webhooks. It is checked as part of the vulnerability processing and runs at the `vulnerabilities.periodicity` interval specified in the [fleet configuration](../../Deploying/Configuration.md#periodicity).
Maximum number of hosts to batch on `POST` requests. A value of `0`, the default, means no batching. All hosts affected will be sent on one `POST` request.
See the [osquery documentation](https://osquery.readthedocs.io/en/stable/installation/cli-flags/#configuration-control-flags) for the available options. This document shows all examples in command line flag format. Remove the dashed lines (`--`) for Fleet to successfully update the setting. For example, use `distributed_interval` instead of `--distributed_interval`.
Agent options are validated using the latest version of osquery.
You can verify that your agent options are valid by using [the fleetctl apply command](../../Using-Fleet/fleetctl-CLI.md#fleetctl-apply) with the `--dry-run` flag. This will report any error and do nothing if the configuration was valid. If you don't use the latest version of osquery, you can override validation using the `--force` flag. This will update agent options even if they are invalid.
The `overrides` key allows you to segment hosts, by their platform, and supply these groups with unique osquery configuration options. When you choose to use the overrides option for a specific platform, all options specified in the default configuration will be ignored for that platform.
In the example file below, all Darwin and Ubuntu hosts will only receive the options specified in their respective overrides sections.
You can use Fleet to query local SQLite databases as tables. For more information on creating ATC configuration from a SQLite database, check out the [Automatic Table Construction section](https://osquery.readthedocs.io/en/stable/deployment/configuration/#automatic-table-construction) of the osquery documentation.
You can use Fleet to configure the `yara` and `yara_events` osquery tables. Fore more information on YARA configuration and continuous monitoring using the `yara_events` table, check out the [YARA-based scanning with osquery section](https://osquery.readthedocs.io/en/stable/deployment/yara/) of the osquery documentation.
The following is an example Fleet configuration file with YARA configuration. The values are taken from an example config supplied in the above link to the osquery documentation.
> **Note:** More settings are included in the [contributor documentation](../../Contributing/Configuration-for-contributors.md). It's possible, although not recommended, to configure these settings in the YAML configuration file.
