Hi everyone! Hypothetically, if I wanted to run osquery on top of MySQL (or any other database system besides SQLite), would that be a feasible thing to achieve? I'm not extensively familiar with osquery's architecture. I had assumed that the module that gets raw data from the operating system would be fairly easy to separate from the SQLite syntax layered on top, but now I'm not so sure. If my misconceptions cannot be corrected with only a few words, please feel free to direct me to documentation or part of the source code that could help me understand the matter better. Thank you in advance!
05/17/2023, 6:43 PM
Are you asking if there is a way to configure osquery to use MySQL as its database?
@John Speno yeah, that's basically what I was asking. So if I'm reading this right, osquery doesn't actually "use" SQLite, it only uses SQLite's SQL syntax for queries and generates and passes data on the fly, while using RocksDB for some utility storage. So I figure my question doesn't make sense in the first place.
05/17/2023, 6:54 PM
Yes, that's right.
Feafanov Veniamin Vasilevich
05/17/2023, 6:55 PM
Alright, thanks a lot for the heads up!
05/17/2023, 7:58 PM
Y'all have it right. Just to add a bit, in theory you could perhaps use the generation functions in the osquery codebase with the Postgres "Foreign Data Wrapper" feature (somewhat equivalent to the "virtual tables" feature osquery uses in SQLite). But it's not clear what the benefit would be.
05/19/2023, 11:14 AM
Osquery does use SQLite. But it’s not an app-db usage. Instead, osquery uses the SQLite library to provide the SQL engine.