How to start osquery without system reboot when auditd is disabled? I am trying to catch OSquery process_events(using audit). I am stopping and disabling auditd as per the OSquery documentation and starting osqueryd after that. But I am not getting a logger callback. Only after a system reboot  I am getting logger callback. Is there any way to get logger callback without system reboot? Is it a known issue that a switch from auditd to osqueryd require a reboot?