Please see <https://osquery.readthedocs.io/en/stab...
# generalj
Jams
10/11/2021, 3:41 PMPlease see https://osquery.readthedocs.io/en/stable/development/pubsub-framework/ on how osqueryi and _events tables are not compatible. In other words, run osquery as a daemon for the FIM feature.
s
Stefano Bonicatti
10/11/2021, 5:12 PM@Jams @sonal k It’s possible to receive events while in the shell, for testing; but as far as I can see the table used is a Windows one, and the file paths configured are for Linux
Stefano Bonicatti
10/11/2021, 5:13 PMAlso, I wouldn’t modify the pidfile; it has its own default
s
sonal k
10/12/2021, 12:11 PMI was able to resolve it. 👍
3 Views