any ` events` tables will be collecting events as

Question

< Mustafa> any ` events` tables will be collecting events as long as `osqueryd` is running and then when you query them you will get all the events since the last query was executed

Mustafa · Answer

Yes we have already been using windows events table Sorry for this but i think i couldn t explain the situation exactly What i asked for is about non event based tables For example when i query usb events table periodically the result of the query doesn t contain the events logs which generated between the any two queries

Mustafa · Answer

Ah sorry this table is also an event based table

Mustafa · Answer

You can imagine the table as a non event based table

zwass · Answer

Is there a `usb events` table I can only find `usb devices` which is not event based There is also `hardware events` which is event based

Mustafa · Answer

Zwass thank you for the correction

Mustafa · Answer

Please consider the that table as for my question Usb devices

zwass · Answer

`usb devices` gives you the state when the query is run

zwass · Answer

`hardware events` will catch all events