[WinEventLog://Microsoft-Windows-Sysmon/Operational]
index = sysmon
disabled = false
renderXml = true

[monitor://c:\Program Files\osquery\log\osqueryd.results.log]
index = osquery
disabled = false
sourcetype = osquery:json

[monitor://c:\Program Files\osquery\log\osqueryd.snapshots.log]
index = osquery
disabled = false
sourcetype = osquery:json

[monitor://c:\Program Files\osquery\log\osqueryd.INFO.*]
index = osquery-status
disabled = false
sourcetype = osquery-info:syslog

[monitor://c:\Program Files\osquery\log\osqueryd.WARNING.*]
index = osquery-status
disabled = false
sourcetype = osquery-warn:syslog

[monitor://c:\Program Files\osquery\log\osqueryd.ERROR.*]
index = osquery-status
disabled = false
sourcetype = osquery-error:syslog