mirror of
https://github.com/valitydev/osquery-1.git
synced 2024-11-07 18:08:53 +00:00
b81b6de6ae
The refactor of config/packs was initiated because event subscribers needed a method for toggling `::init` based on some configurable option. In the case of auditd, turning on the support with `--disable_audit=false` used to start auditing the EXECVE syscall. It was understandable that this would cause latency based on the number of processes executing per measure of time. A new `socket_events` table will do the same but for `bind` and `connect`. These are less-obvious and for now, require a scan of /proc for socket tuples. In the future this file descriptor to socket tuple will be faster. |
||
|---|---|---|
| .. | ||
| config.h | ||
| core.h | ||
| database.h | ||
| distributed.h | ||
| enroll.h | ||
| events.h | ||
| extensions.h | ||
| filesystem.h | ||
| flags.h | ||
| hash.h | ||
| logger.h | ||
| packs.h | ||
| registry.h | ||
| sdk.h | ||
| sql.h | ||
| status.h | ||
| tables.h | ||