Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

<@U782NMBST> hope that makes things a bit more clear. My question here is basically are folks cool with me reverting our logic so that `systemLog` on Windows just drops logs to the floor, until we can sort out a better way of doing things? Or would folks rather we live with this bug for a bit and find a way to make the WEL logger plugin link against core.

It does. Thank you. There is certainly value with osquery's log messages going to event viewer but, on a selfish note, living with the bug scares me more as its getting in the way of our extension. :slightly_smiling_face: . Its been a while since I looked at Windows Event Logging APIs. Let me refresh that before I make any suggestions (that might sound stupid :slightly_smiling_face: )

Hah, sounds good :slightly_smiling_face: :thumbsup:

Tried looking to for some easy-to-use Window event viewer APIs (something that could mimic syslog) but couldn't find anything..perhaps best would be to go ahead with this code for now..till a better option surfaces..