https://github.com/osquery/osquery logo
Join Slack
Powered by
Hi, I noticed that after updating from v3.3.2 the ...
# general
j
Hi, I noticed that after updating from v3.3.2 the 
last
table only shows logins (type 7). After pulling hairs and compiling osquery myself, I found this PR: https://github.com/osquery/osquery/pull/5274 (btw I couldn’t find any reference to this on the releases) which is filtering for 
USER_PROCESS
only. Should I open an issue for this? or can I just open a PR and also add the 
DEAD_PROCESS
event?
s
Process wise, you can open a PR without an issue. Issues are good if you want to defer doing the work until after a solution is agreed on.
There were a lot of changes between v3 and v4. I'm sorry you were frustrated by one.
j
it’s fine, I just just frustrated I didn’t take a closer look at the code beforehand
I’ll try and open a PR later today
s
I don't know this Linux corner, so I don't have an opinion on what the desired behavior is.
j
no worries
Open in Slack
PreviousNext
Powered by