Change the counter behavior so only when a differential results is
calculated the counter increments. With this new behavior the counter
represents the order in which differentials results should be replayed
to recreate state at a point in time.
This new toolchain contains a newer LLVM version (9.0.1),
a fix for the scan-build scripts and it keeps the LLVM static libraries,
necessary to implement the new BPF framework and tables.
Implements the Community ID hash that will allow correlating network connections detected by osquery with other tools that support the standard (Zeek, Suricata, etc.).
Updated performance-safety.md to include details about profile.py and it's output. The changes also include information about how profile.py sets the thresholds that appear in the script output.
- Remove Python 2 as a prerequisite
- Add missing instructions when install Git for Windows
- Correct and move the paragraph about symbolic links permission earlier.
The "Enable symbolic link" check available during the Git for Windows
installing procedure doesn't enable the policy, but instead asks git
to create real symlinks when cloning, which is still something
we want.
Recent changes in INDEX enforcement broke extensions.
This fix adds a compatibility flag that defaults to the old behavior of INDEX on all columns.
This only affects extension virtual tables, all built in tables have index constraints enforced.
This is an API change for the format of logged events.
The top-level log field "logNumericsAsNumbers" was introduced to help
migrate from string-encoded numerics to JSON numbers.
This change updates the field to be "numerics", updates the flag to
conform to flag naming conventions, and documents the expectation.
Passing the generator is needed because one can have
multiple installations of Visual Studio and Build Tools.
Moreover the documentation is written for Visual Studio 2019 and
the subsequent arguments passed to CMake are not fully valid for
earlier versions.
