Improve explanations of event control flags by mike-myers-tob · Pull Request #69...

2 years ago

source link: https://github.com/osquery/osquery/pull/6954
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Conversation

Users trying to simply turn on evented tables on Windows are often confused that --disable_events=false is not enough. Afterwards, they are confused when they query an evented table twice and some or all of the data from the first query is still there. They are confused again when they get warnings about evented tables' events overfilling and losing events. So the docs could be better. This is my attempt.

Addresses @muffins comment on recent changes to the flags that control evented tables.

Closes #6763

Improve explanations of event control flags by mike-myers-tob · Pull Request #69...

Conversation

Recommend

Fix StartupItemTest failing due to unexpected values by Smjert · Pull Request #6...

GitHub Actions: Use Xcode 12.3, SDK 10.12 by alessandrogario · Pull Request #691...

liquidctl: init at 1.4.2 by arcz · Pull Request #108258 · NixOS/nixpkgs · GitHub

Fix heap-use-after-free in deregisterEventSubscriber by Smjert · Pull Request #6...

Correct docs about OpenSSL and TLS behavior by mike-myers-tob · Pull Request #70...

Improve speed of osquery shutdown procedure by Smjert · Pull Request #7077 · osq...

Remove unused ev2 code by Smjert · Pull Request #6878 · osquery/osquery · GitHub

[vcpkg_configure_make] MacOS assume target arch is host arch by ekilmer · Pull R...

Correct RocksDB error code and subcode printing on open failure by Smjert · Pull...

Fix Github Actions status badge in the README by Smjert · Pull Request #6908 · o...

About Joyk