# general
z
@Mustafa any `_events` tables will be collecting events as long as `osqueryd` is running, and then when you query them you will get all the events since the last query was executed.
m
Yes, we have already been using the windows_events table. Sorry for this, but I think I couldn't explain the situation exactly. What I asked is about non-event based tables. For example, when I query the usb_events table periodically, the result of the query doesn't contain the events/logs which were generated between any two queries.
Ah, sorry, this table is also an event based table.
You can imagine the table as a non-event based table
z
Is there a `usb_events` table? I can only find `usb_devices` which is not event based. There is also `hardware_events` which is event based.
m
Zwass thank you for the correction.
Please consider that table for my question. Usb_devices...
z
`usb_devices` gives you the state when the query is run
`hardware_events` will catch all events