has anyone found a sane way to detect watchdog events without collecting syslog? it looks like by design they don't get to the tls logger, judging from this comment: https://github.com/osquery/osquery/blob/e6fe15eb49660725e65dba1549932ed96e0a8c6e/osquery/core/watcher.cpp#L325