osquery_events

Information about the event publishers and subscribers.

Platform support

Please be aware that some queries can only be run against certain platforms. Below is a list of the supported platforms that this query supports. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error: no such table: osquery_events

  • Windows
  • Linux
  • Mac OSX
  • Free BSD

Table schema

Name Type Description
name TEXT Event publisher or subscriber name
publisher TEXT Name of the associated publisher
type TEXT Either publisher or subscriber
subscriptions INTEGER Number of subscriptions the publisher received or subscriber used
events INTEGER Number of events emitted or received since osquery started
refreshes INTEGER Publisher only: number of runloop restarts
active INTEGER 1 if the publisher or subscriber is active else 0

Query examples

Select all the results for the given table.

SELECT * FROM osquery_events;