Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
a
Ananda Uppalapati
02/13/2020, 7:28 PMhello all. we have the following for file_events in our config and I was wondering the the default is for interval.I feel 10 sec is too frequent and generating a lot of logs as it's querying every 10 seconds. whats a reasonable number to use?
"file_events": {
"query": "SELECT * FROM file_events;",
"interval": 10,
"description": "File events collected from file integrity monitoring",
"removed":falsez
zwass
02/13/2020, 7:28 PMI'd consider 10 seconds to be reasonable... Remember that the events are being recorded in real time anyway. The 10 second interval is just how often the already recorded events will be logged.
a
Ananda Uppalapati
02/13/2020, 7:31 PMok thanks