Osquery exposes an operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.

If you're interested in learning more about osquery, visit the GitHub project, the website, and the users guide.

In osquery, SQL tables, configuration retrieval, log handling, etc. are implemented via a robust plugin and extensions API. This project contains Go bindings for creating osquery extensions in Go. To create an extension, you must create an executable binary which instantiates an ExtensionManagerServer and registers the plugins that you would like to be added to osquery. You can then have osquery load the extension in your desired context (i.e., in a long-running instance of osqueryd or during an interactive query session with osqueryi). For more information about how this process works at a lower level, see the osquery wiki.

To install this library in your GOPATH:

    mkdir -p $GOPATH/src//kolide/
    git clone :kolide/osquery-go.git $GOPATH/src//kolide/osquery-go
    cd $GOPATH/src//kolide/osquery-go

Alternatively, if you're using this in a project that uses a dependency management tool like Glide or Dep, then follow the relevant instructions provided by that tool.

Using the library

Creating a new osquery table

If you want to create a custom osquery table in Go, you'll need to write an extension which registers the implementation of your table.
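The implementation of a custom table comes down to a function that produces the table's rows on each query. The Go code below is an added example, not code from osquery-go: a standard-library-only row generator for a hypothetical `dir_hashes` table that returns every row as a map from column name to string value. The table name, its columns and the function name are assumptions; adapting the function to the library's generate callback and registering it with an ExtensionManagerServer is left to the extension binary.

```go
package main

import (
	"context"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strconv"
)

// generateDirHashes builds the rows of the hypothetical "dir_hashes" table:
// one row per regular file directly inside dir, with columns path, size and
// sha256. Directory entries that are symlinks, FIFOs or subdirectories are
// skipped, and every cell is a string.
func generateDirHashes(ctx context.Context, dir string) ([]map[string]string, error) {
	entries, err := os.ReadDir(dir)
	if err != nil {
		return nil, fmt.Errorf("read %s: %w", dir, err)
	}
	var rows []map[string]string
	for _, e := range entries {
		if err := ctx.Err(); err != nil {
			return nil, err // query cancelled or timed out: stop hashing
		}
		if !e.Type().IsRegular() {
			continue
		}
		p := filepath.Join(dir, e.Name())
		f, err := os.Open(p)
		if err != nil {
			continue // unreadable file: omit the row instead of failing the query
		}
		h := sha256.New()
		n, err := io.Copy(h, f)
		f.Close()
		if err != nil {
			continue
		}
		rows = append(rows, map[string]string{
			"path":   p,
			"size":   strconv.FormatInt(n, 10),
			"sha256": hex.EncodeToString(h.Sum(nil)),
		})
	}
	return rows, nil
}

func main() {
	rows, err := generateDirHashes(context.Background(), os.TempDir())
	fmt.Println(len(rows), err)
}
```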