osquery_events

Information about the event publishers and subscribers.

Platform support

Please be aware that some queries can only be run against certain platforms. Below is a list of the supported platforms that this query supports. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error: no such table: osquery_events

  • Windows

  • Linux

  • Mac OSX

  • Free BSD

Table schema

Name

Type

Description

name

TEXT

Event publisher or subscriber name

publisher

TEXT

Name of the associated publisher

type

TEXT

Either publisher or subscriber

subscriptions

INTEGER

Number of subscriptions the publisher received or subscriber used

events

INTEGER

Number of events emitted or received since osquery started

refreshes

INTEGER

Publisher only: number of runloop restarts

active

INTEGER

1 if the publisher or subscriber is active else 0

Query examples

Select all the results for the given table.

SELECT * FROM osquery_events;