osquery-1

mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 10:23:54 +00:00

History

Seshu Pasam 6fab8b6083 logging: adding "counter" to differentiate initial results (#3651 ) When setting up alerts for differential logs data you might want to skip the initial added records. counter can be used to identify if the added records are all records from initial query of if they are new records. For initial query results that includes all records counter will be "0". For subsequent query executions counter will be incremented by 1. When epoch changes, counter will be reset back to "0".	2017-09-07 15:01:15 -07:00
..
logger_tests.cpp	logging: adding "counter" to differentiate initial results (#3651 )	2017-09-07 15:01:15 -07:00

Seshu Pasam 6fab8b6083 logging: adding "counter" to differentiate initial results (#3651 )

When setting up alerts for differential logs data you might want to skip the
initial added records. counter can be used to identify if the added records
are all records from initial query of if they are new records. For initial
query results that includes all records counter will be "0". For subsequent
query executions counter will be incremented by 1. When epoch changes, counter
will be reset back to "0".

2017-09-07 15:01:15 -07:00

logger_tests.cpp

logging: adding "counter" to differentiate initial results (#3651 )

2017-09-07 15:01:15 -07:00