https://github.com/osquery/osquery logo
Powered by
c

clong

05/14/2018, 8:25 PM
i’m kind of confused by:
events only expire when the table is queried
Do events which are considered “expired” get logged to results?
z

zwass

05/14/2018, 8:39 PM
Events that are "expired" are cleared from rocksdb and will no longer come up when the table is queried. Events are only logged if they are selected in a query before they are expired.
1
c

clong

05/14/2018, 8:44 PM
Thank you!
3 Views
Powered by