Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
c
clong
11/10/2017, 7:27 PMi wrote a guide to installing osquery and go-audit in this mode here: https://medium.com/@clong/building-a-testbed-for-go-audit-osquery-ea4c0271b0c
n
nishit
11/11/2017, 9:32 AM@clong Thanks for the article. It is really helpful. As you told that only three different syscall, can you tell me which three syscall it is able to monitor?
@clong I know that go-audit will do better job in terms of syscall monitoring, but I just wanted to know whether it is possible using osquery to monitor syscall like auditd or go-audit does?
c
clong
11/13/2017, 8:02 AMexecve, connect, and bind. You can view them via
auditctl -l