  • lvferdi

    3 years ago
    This is a test tbh to see how WEL logging of osquery looks at scale. We write to file and ingest from there typically; we are evaluating the WEL logger now to streamline our pipelines.
  • message has been deleted
  • But when I use the Log Name above to subscribe to the events I am not able to subscribe. nxlog and winlogbeat are unable to locate the logs with that identifier.
  • message has been deleted
  • Sorry for the repeated deletes, I had to black out part of the image
  • packetzero

    3 years ago
    hmm.. I have idea.
  • lvferdi

    3 years ago
    Care to share? I can’t find any combo that will allow me to subscribe to the osquery WEL channel
  • Ok, after trial and error, if you subscribe to osquery as your provider/channel you can read the WEL osquery channel.
  • I am trying to see why I am missing the contents of the message field. All I am getting in the message field atm is Information and the rest of the JSON isn’t being read. But that is likely my parser