https://github.com/osquery/osquery logo
Powered by
s

sundsta

08/01/2019, 8:08 PM
Can someone elaborate on what the 
active
column indicates on 
osquery_events
? It shows as 
1
for 
process_events
on Linux hosts without process auditing enabled
c

clippy

08/01/2019, 8:25 PM
Copy code
1 if the publisher or subscriber is active else 0
s

sundsta

08/01/2019, 8:29 PM
Yes, but what does active mean in this context? How is it active if it is not enabled via the config?
It is correctly returning zero events, but I do not understand why it shows as active
Powered by