Is this the correct place to ask for help with osquery? I'm in a weird spot where osqueryd isn't recording events but they're visible in osqueryi using the same conf and flags.

Yeap! It's a good place, do you mind recapping the debugging you've done so far?

@theopolis Sure, so I've run the daemon in the foreground using the --verbose flag and nothing seems out of place. I've verified the config. I've shut down auditd. And I've checked the error logs (which are empty).

@Michael Green can you try again with a new database? should be located under /var/osquery

@alessandrogario I tried to create a new db dir and bounced the service and nothing was created in the new dir.

This is weird, as the database should get recreated; it is possible to pass a different path to the command line, one that the current user has written access to