From d471b2b59e097688a76825916789e931b25aebc9 Mon Sep 17 00:00:00 2001 From: Yassine Chaouche Date: Wed, 20 Jul 2022 10:51:12 +0100 Subject: [PATCH] --disable-events=false This flag is needed to process events, otherwise you get "virtual_table.cpp:969] Table socket_events is event-based but events are disabled" --- Classic/Servers/Linux/osquery.flags | 1 + 1 file changed, 1 insertion(+) diff --git a/Classic/Servers/Linux/osquery.flags b/Classic/Servers/Linux/osquery.flags index 00e4c9a..b917a35 100755 --- a/Classic/Servers/Linux/osquery.flags +++ b/Classic/Servers/Linux/osquery.flags @@ -2,6 +2,7 @@ --audit_allow_sockets --audit_persist=true --disable_audit=false +--disable_events=false --events_expiry=1 --events_max=500000 --logger_min_status=1