pack scheduled query interval too low #20
Description
I tried to apply the config from osquery-configuration/Fleet/Endpoints/Windows/osquery.yaml using fleetctl like so:
fleetctl config set --address https://fleetserver.example.com:443
fleetctl login --email ${FLEET_EMAIL} --password ${FLEET_PASSWORD}
fleetctl convert -f osquery-configuration/Fleet/Endpoints/Windows/osquery.yaml -o osquery-configuration/Fleet/Endpoints/Windows/osquery.yaml
fleetctl apply -f osquery-configuration/Fleet/Endpoints/Windows/osquery.yaml
fleetctl logout
... and got the following error:
applying packs: POST /api/latest/fleet/spec/packs received status 400 Bad request: pack payload verification: pack scheduled query interval must be an integer greater than 1 and less than 604800
The reason for this error are several lines in the above mentioned file that say: interval: 0.
Changing the affected lines using something like
sed -i 's/interval: 0/interval: 28800/g' ./osquery-configuration/Fleet/Endpoints/Windows/osquery.yaml
solves the issue.
Both FleetDM server and fleetctl are version 4.32.0.