https://github.com/osquery/osquery logo
#general
Title
# general
d

demonbhao

02/20/2021, 9:47 AM
Hello, when I use osquery to monitor file integrity, the query log result often appears a duplicate paragraph. Have you ever encountered this kind of situation?
m

Mike Myers

02/22/2021, 8:06 PM
perhaps the events are not expired from the table's backing store when they are picked up again by the next query? It may happen when the query interval is shorter than the expiration time. I made a recent update to the documentation around this here: https://osquery.readthedocs.io/en/latest/installation/cli-flags/#events-control-flags
d

demonbhao

02/23/2021, 6:26 AM
Thank you for your help
3 Views