hello i want to ask why i run query select from process even

Question

hello i want to ask why i run query select from process events i recive Your live query returned no results on os ubuntu and centos

Keith Swagler · Answer

by default events are disabled add ` disable events=false` to your osquery flags to enable event tables

Keith Swagler · Answer

Oh and you do need to have a few other flags as well See <https osquery readthedocs io en stable deployment process auditing >