Hello folks. I have been trying to find the cause of a weird bug but failed to do so... My osqueryd suddenly stopped logging FIM DELETE events. If I create a file, modify it, and then delete it, I will have all file change events except "DELETE". Does anyone have ideas on the cause of this? Thanks in advance!

Can you share details about how to reproduce the situation? What version of osquery, what is your configuration, what operating system? How are you triggering the expected behavior?

Thanks for your response 🙏 This is more like a weird behavior that happens all the sudden. I'm currently using v.3.2.4, and it was recording deleted events perfectly. OS: Amazon Linux AMI release 2018.03. Config:

1 {
  2   "options": {
  3     "config_plugin": "filesystem",
  4     "logger_plugin": "filesystem",
  5     "logger_path": "/mnt/logs/osquery",
  6     "pidfile": "/etc/osquery/osquery.pidfile",
  7     "disable_events": "false"
  8   },
  9   "schedule": {
 10     "file_events": {
 11       "query": "SELECT fe.*, u.username FROM file_events fe JOIN users u on fe.uid=u.uid
 12       "interval": 10
 13     }
 14   },
 15   "file_paths": {
 16     "file_list": ["~/{user home directory}/%"]