#general

groob

04/05/2019, 1:11 PM
it’s not because of an internet connection, but you might need to configure your --events_max flags

sepuku

04/05/2019, 1:34 PM
Right, but we don’t have our machines configured to remove events at such a small amount of storage used, or at such a short timeframe.
we have our machines configured to --events_expiry=36000
Looks like 50k events is the default, I guess there's a potential that >50k events could be generated after a BSOD
I’ll try bumping that limit up and seeing what the outcome is