The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 4,226 other subscribers
«
»

Need to revisit osquery: SQL powered operating system instrumentation, monitoring, and analytics supports more platforms and also aggregates to central log locations

Posted by jpluimers on 2022/01/18

Almost two years ago, GitHub – facebook/osquery: SQL powered operating system instrumentation, monitoring, and analytics published from the automatic blog queue.

It was in the midst of my rectum cancer treatment, so I was glad the blog queue back then was still about 18 months deep.

This meant I looked into osquery in 2018, which I remember because I needed it on MacOS as I did not want to remember the syntax for MacOS specific commands on getting system information. It also coincides with how much my repository fork was behind: [Wayback: jpluimers/osquery commits/Archive: jpluimers/osquery commits].

Fast forward to now, the breath of systems I’m involved with has widened, so I was glad to see that Kristian Köhntopp mentioned it:

So time to try it again (:

The links he mentioned:

  • [Wayback/Archive] Welcome to osquery – osquery

    osquery is an operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD. The tools make low-level operating system analytics and monitoring both performant and intuitive.

  • [Wayback/Archive] Welcome to osquery – osquery: High Level Features
    The high-performance and low-footprint distributed host monitoring daemon, osqueryd, allows you to schedule queries to be executed across your entire infrastructure. The daemon takes care of aggregating the query results over time and generates logs which indicate state changes in your infrastructure. You can use this to maintain insight into the security, performance, configuration, and state of your entire infrastructure. osqueryd‘s logging can integrate into your internal log aggregation pipeline, regardless of your technology stack, via a robust plugin architecture.
    The interactive query console, osqueryi, gives you a SQL interface to try out new queries and explore your operating system. With the power of a complete SQL language and dozens of useful tables built-in, osqueryi is an invaluable tool when performing incident response, diagnosing a systems operations problem, troubleshooting a performance issue, etc.
  • [Wayback/Archive] osqueryd (daemon) – osquery
  • [Wayback/Archive] osqueryi (shell) – osquery
  • [Wayback/Archive] Aggregating Logs – osquery
  • [Wayback/Archive] AWS Logging – osquery

Main site: [Wayback/Archive] osquery | Easily ask questions about your Linux, Windows, and macOS infrastructure

Repository: [Wayback/Archive] osquery/osquery: SQL powered operating system instrumentation, monitoring, and analytics.

–jeroen

This entry was posted on 2022/01/18 at 12:00 and is filed under *nix, *nix-tools, Apple, Development, DevOps, Facebook, Infrastructure, Mac, Mac OS X / OS X / MacOS, Power User, SocialMedia, Software Development, Windows. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

«
»
 
%d bloggers like this: