This is a test tbh to see how wel logging of osquery looks a

Question

This is a test tbh to see how wel logging of osquery looks at scale We write to file and ingest from there typically we are evaluating the wel logger now to streamline our pipelines

lvferdi · Answer

But when I use the `Log Name` above to subscribe to the events I am not able to subscribe nxlog and winlogbeat are unable to locate the logs with that identifier

lvferdi · Answer

Sorry for the repeated deletes I had to blackout part of the image

packetzero · Answer

hmm I have idea

lvferdi · Answer

Care to share I can t find any combo that will allow me to subscribe to the osquery wel channel

lvferdi · Answer

Ok after trial and error if you subscribe to `osquery` as your provider channel you can read the WEL osquery channel

lvferdi · Answer

I am trying to see why I am missing the contents of the message field All I am getting in the message field atm is `Information` and the rest of the json isn t being read But that is likely my parser