• Anadi


    3 years ago
    There is more than that. You will not be able to view the event tables, and may not be able to run queries on a schedule.
  • zwass


    3 years ago
    This is not correct. You can get results from event-based tables, but the event producers are disabled by default. If you want to test events with osqueryi, you need to use:
    osqueryi --disable_events=false
    Note that if both osqueryi and osqueryd are running with events turned on you may find weird behaviors.