Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
p
Prakhar
10/17/2018, 11:27 AMHey I've some pretty basic doubt. If osqueryd is running and collecting events and I restart the daemon for some reason, would I lose events that were not queried before the restart ? Assuming all those buffer/Rocksdb etc do not run out of size and are well within defined thresholds.
z
zwass
10/17/2018, 5:04 PMEvents that were not queried before the restart will not be lost. They will remain in the RocksDB buffer. Of course, you will miss any events that happened while osquery was not running.
p
Prakhar
10/24/2018, 9:46 AMThanks