Hello everyone,
I'm developing a personal project where Osquery should send collected data to the endpoint of an API. What's the best way to do this? The API already handles the received data, so the way they will be sent is not a problem.
seph
06/15/2023, 4:36 AM
I’m not sure what the question is here.
Walter Vieira
06/16/2023, 12:13 PM
@seph Sorry for the bad English, but basically I want to collect information about CPU, RAM and disk usage and send it to an API that will record this in a database. Is it possible to configure this directly in Osquery?
seph
06/16/2023, 3:20 PM
osquery can collect that data, yes.
osquery has a handful of supported logger APIs. It’s not really designed to output to arbitrary APIs, it’s designed to output to a couple different kinds of osquery server.
Walter Vieira
06/16/2023, 3:30 PM
@seph What would be the best method? Extensions or plugins? From the Osquery documentation I understood that they must be in C++. Is there no possibility of using another language, like Node or Python?
seph
06/16/2023, 3:32 PM
That’s misunderstanding a lot of details.
seph
06/16/2023, 3:34 PM
osquery can be thought of as an API translation layer. It presents OS information in a structured SQL format.
The list of data osquery has support for is https://osquery.io/schema
If you need additional data, then you might write a plugin to provide it.
seph
06/16/2023, 3:34 PM
One configures scheduled queries. They log to loggers.
If you needed a different kind of logger, you could write a plugin.
seph
06/16/2023, 3:35 PM
Plugins can be written in any language that supports Thrift. The Python and Go SDKs are straightforward. The C/C++ one is more complicated.