I am trying to catch OSquery process_events(using audit). I am stopping and disabling auditd as per the OSquery documentation and starting osqueryd after that. But I am not getting a logger callback. Only after a system reboot I am getting logger callback.
Is there any way to get logger callback without system reboot?
Is it a known issue that a switch from auditd to osqueryd require a reboot?
