@jackjack this:```C:\Users\thor λ osqueryi.exe --config_path=\.osquery.conf --nodisable_events=true --allow_unsafe=true --disable_extensions=true --verbose I0315 135653.904193 15064 init.cpp:368] osquery initialized [version=2.11.0-8-ga6227dee] I0315 135653.906090 15064 init.cpp:597] Cannot start extension manager: Extensions disabled I0315 135653.908064 15064 init.cpp:633] Error reading config: config file does not exist: \.osquery.conf I0315 135653.910081 15040 events.cpp:746] Starting event publisher run loop: windows_event_log Using a virtual database. Need help, type '.help' osquery> select * from windows_events where source='Security' limit 1;```

@thor is the flag --disable_events changed to nodisable_events?

They’re both there, if you’re lazy and do t want to set a true/false you can use nodisable ;)

🙂