https://github.com/osquery/osquery logo
Powered by
#general
Title
# general
c

clong

05/14/2018, 8:23 PM
No, this means that all events will expire when the table is queried
What happens if it never gets queried? would it just hold events until 
events_max
got reached?
z

zwass

05/14/2018, 8:36 PM
Yes. It looks like 
events_max
is checked every 256 event insertions, so if the table never gets queried this is the only mechanism for discarding events.
1
👍 1
3 Views
Powered by