Hi, how do I get hardware_events from MacOS? when I start osqueryd I see the problems: I0508 170706.011688 247276992 events.cpp:863] Event publisher not enabled: openbsm: Publisher disabled via configuration I0508 170706.012102 247276992 events.cpp:863] Event publisher not enabled: scnetwork: Publisher not used I0508 170706.012125 247276992 events.cpp:863] Event publisher not enabled: event_tapping: Publisher disabled via configuration And I am not getting any hardware_events in the log. My pack config is here. Any help appreciated. Thx!

Table

hardware_events

is event-based

which means you need to make sure the

--disable_events=false

flag is set somewhere

Thanks! got it working

Systemd service -> https://github.com/facebook/osquery/blob/master/tools/deployment/osqueryd.service

Systemd on MacOS??