@OpenPlgx hope that makes things a bit more clear. My question here is basically are folks cool with me reverting our logic so that

systemLog

on Windows just drops logs to the floor, until we can sort out a better way of doing things? Or would folks rather we live with this bug for a bit and find a way to make the WEL logger plugin link against core.

It does. Thank you. There is certainly value with osquery's log messages going to event viewer but, on a selfish note, living with the bug scares me more as its getting in the way of our extension. 🙂 . Its been a while since I looked at Windows Event Logging APIs. Let me refresh that before I make any suggestions (that might sound stupid 🙂 )

Hah, sounds good 🙂 👍

Tried looking to for some easy-to-use Window event viewer APIs (something that could mimic syslog) but couldn't find anything..perhaps best would be to go ahead with this code for now..till a better option surfaces..

yeah agreed.