Channels
doorman
zercurity
infrastructure
code-review
queryhub
apple-silicon
carving
goquery
aws
querycon
golang
file-carving
fuzzing
help-proxy
darkbytes
process-auditing
general
windows
random
fleet-dev
tls
fim
awallaby
zentral
zeek
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
community-feeds
Powered by
#general
Title
# general
g
groob
04/05/2019, 1:11 PM
it’s not because of an internet connection, but you might need to configure your --events_max flags
s
sepuku
04/05/2019, 1:34 PM
Right, but we don’t have our machines configured to remove events at such a small amount of storage used, or at such a short timeframe.
we have our machines configured to --events_expiry=36000
Looks like 50k events is the default, I guess theres a potential that >50k events could be generated after a BSOD
I’ll try bumping that limit up and seeing what the outcome is
2 Views
Post