fleet/schema/tables/asl.yml at e2dad9ffb0e3941961ef956ffec1dffd155de708 - Elgato_dark/fleet - Forgejo: Beyond coding. We Forge.

Elgato_dark/fleet

mirror of https://github.com/fleetdm/fleet synced 2026-05-22 16:39:01 +00:00

Eric 02437a098e

Schema: change default block scalar used in schema override files (#19296 )

Closes: #19271
Closes: #19286

Changes:
- Updated the example in the schema folder readme
- Updated the block scalar used in Fleet's osquery override
documentation (`>-` » `|-`) and removed extra newlines
- Updated the block scalar used in URLs used to create new yaml override
files
- Regenerated osqeury_fleet_schema.json

2024-05-27 18:18:56 -05:00

9 lines

354 B

YAML

Raw Blame History

 name: asl
 examples: |-
   Apple System Logger (ASL) is deprecated since macOS 10.12. On older Macs, this
   table can be used to read logs. On newer ones, see the *unified_log* table.
   This example is from the osquery documentation.
   ```
   SELECT time, message FROM asl WHERE facility = 'authpriv' AND sender = 'sudo' AND message LIKE '%python%';
   ```