Channels
doorman
zercurity
infrastructure
code-review
queryhub
apple-silicon
carving
goquery
aws
querycon
golang
file-carving
fuzzing
help-proxy
darkbytes
process-auditing
general
windows
random
fleet-dev
tls
fim
awallaby
zentral
zeek
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
uptycs
android_tests
selfgroup
beyond-identity
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
community-feeds
Powered by
#general
Title
# general
d
demonbhao
02/20/2021, 9:47 AM
Hello, when I use osquery to monitor file integrity, the query log result often appears a duplicate paragraph. Have you ever encountered this kind of situation?
m
Mike Myers
02/22/2021, 8:06 PM
perhaps the events are not expired from the table's backing store when they are picked up again by the next query? It may happen when the query interval is shorter than the expiration time. I made a recent update to the documentation around this here:
https://osquery.readthedocs.io/en/latest/installation/cli-flags/#events-control-flags
d
demonbhao
02/23/2021, 6:26 AM
Thank you for your help
3 Views
Post