https://github.com/osquery/osquery logo
Powered by
Title
d

ducna09

07/13/2022, 8:57 AM
hello, i want to ask, why i run query select * from process_events; , i recive Your live query returned no results. on os: ubuntu and centos,
k

Keith Swagler

07/13/2022, 1:06 PM
by default events are disabled add 
--disable_events=false
to your osquery flags to enable event tables
Oh and you do need to have a few other flags as well. See: https://osquery.readthedocs.io/en/stable/deployment/process-auditing/
#fleetJoin Slack
Powered by