https://github.com/osquery/osquery logo
Powered by
#ebpf
Title
# ebpf
a

Andrea

01/17/2023, 5:22 PM
Hello everyone, I have a quick question. I briefly looked at the osquery code base and it looks like “exit” is not implemented yet. Also it looks like it is not implemented on 
ebpfpub
. is that correct or I missed it ?
a

alessandrogario

01/17/2023, 5:59 PM
That is correct, the exit event is currently missing
There is no "exit" entry required in the serializers file, so tracing it is already possible with ebpfpub
a

Andrea

01/18/2023, 10:17 AM
understood thank you
Powered by