Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
auditing-warroom
- n
Natalia King
03/07/2019, 4:22 AMHi guys 👋 saw this ticket https://github.com/facebook/osquery/issues/3740 i am wondering if this feature is still work-in-progress :meep_thinking: i am not getting any
even tho flagselinux_events
(for context, other queries like--audit_allow_selinux_events
,socket_events
work as expected.process_events- 1
- 1
- n
Natalia King
03/07/2019, 6:59 PMMalformed syscall event. The saddr field in the AUDIT_SOCKADDR record could not be parsed: "00000000000000000000000000000000"c- 2
- 2