Hi, how do I get hardware_events from MacOS? when ...
# generalj
Jamie Windley
05/08/2019, 4:08 PMHi, how do I get hardware_events from MacOS? when I start osqueryd I see the problems:
I0508 170706.011688 247276992 events.cpp:863] Event publisher not enabled: openbsm: Publisher disabled via configuration
I0508 170706.012102 247276992 events.cpp:863] Event publisher not enabled: scnetwork: Publisher not used
I0508 170706.012125 247276992 events.cpp:863] Event publisher not enabled: event_tapping: Publisher disabled via configuration
And I am not getting any hardware_events in the log. My pack config is here. Any help appreciated. Thx!
j
Jams
05/08/2019, 5:46 PMTable
hardware_eventsc
clong
05/08/2019, 9:19 PMwhich means you need to make sure the
--disable_events=falsej
Jamie Windley
05/09/2019, 9:22 AMThanks! got it working
Jamie Windley
05/09/2019, 9:23 AMDo you know how I can have osquery daemon running in background permanently?
j
Jams
05/09/2019, 4:18 PMj
Jamie Windley
05/14/2019, 12:17 PMSystemd on MacOS??
7 Views