Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Still facing problem to activate the journal for NTFS network drive, Any lead will be appreciable?

Sorry, may be I missing any flag. Can you please guid

<https://fleetdm.com/guides/osquery-evented-tables-overview>

The FleetDM folks put that one together that explains how to turn on the features needed for the various "evented" tables in osquery

and the file monitoring table is one of those tables

Hi Jason, Thanks for your prompt response. I'm new to osquery, will you please guide me How create journal for network drive of DeviceType 4?