osquery_exporter icon indicating copy to clipboard operation
osquery_exporter copied to clipboard

Published 20 hours ago verified publisher icon zwopir

Implementing query execution via Thrift API extension socket

Open dannykopping opened this issue 4 years ago • 3 comments

This PR implements query execution via Thrift API extension socket, with some accompanying refactorings.

I've added this feature since I'm running osqueryd, and have extensions and other custom configurations - which this exporter doesn't currently support. Additionally, with the socket mode, this exporter could be run inside a container.

It also includes some minor fixes to the documentation, and updating of Go to 1.15. I've maintained backwards-compatibility with the configuration file.

dannykopping avatar Dec 20 '20 21:12 dannykopping

See https://osquery.readthedocs.io/en/stable/development/osquery-sdk/#extensions for more details on the Thrift API

dannykopping avatar Dec 20 '20 21:12 dannykopping

@dannykopping are you still using your branch? I was thinking about making a fork with your changes.

andrewchambers avatar Aug 18 '21 01:08 andrewchambers

@andrewchambers go for it :+1:

dannykopping avatar Aug 18 '21 08:08 dannykopping