```$ sudo osqueryi --disable_audit=false --audit_...
# generaly
Yassine CHAOUCHE
07/20/2022, 1:16 PM Copy code
$ sudo osqueryi --disable_audit=false --audit_allow_config=true --events_max=50000 --audit_allow_sockets --disable_events=false
Using a virtual database. Need help, type '.help'
osquery> select action, process_events.path, cmdline, socket_events.status, remote_address, remote_port, datetime(socket_events.time,'unixepoch') from socket_events join process_events on socket_events.pid = process_events.pid;
osquery> select action, process_events.path, cmdline, socket_events.status, remote_address, remote_port, datetime(socket_events.time,'unixepoch') from socket_events join process_events on socket_events.pid = process_events.pid;
+---------+---------------+-----------------+-------------+-----------------+-------------+------------------------------------------+
| action | path | cmdline | status | remote_address | remote_port | datetime(socket_events.time,'unixepoch') |
+---------+---------------+-----------------+-------------+-----------------+-------------+------------------------------------------+
| connect | /usr/bin/curl | curl <http://google.com|google.com> | in_progress | 142.250.200.238 | 80 | 2022-07-20 12:59:12 |
+---------+---------------+-----------------+-------------+-----------------+-------------+------------------------------------------+
osquery>
$