#general

AbdulRhman Alfaifi

04/06/2022, 7:54 PM
Hello team, I created this Rust library a couple of months ago: https://github.com/abdulrhmanalfaifi/osquery-rs. It is a Rust wrapper that uses the Thrift API to communicate with the osqueryd socket to execute SQL queries. I use this library as a dependency of another project called Fennec: https://github.com/abdulrhmanalfaifi/fennec, which is an artifact collection tool for *nix systems. Currently Fennec packs osqueryd into the binary and at runtime drops it on the filesystem and executes it. Finally, Fennec uses the library osquery-rs to communicate with the osquery socket to execute SQL queries.

I want to change the library osquery-rs from spawning another process to calling the C API directly. To accomplish that I need to do the following:
• Compile osquery as a library, then statically compile it with the Rust wrapper
• Figure out which function to call in the osquery API (I can use the same code used in osqueryi)

I have been working on compiling osquery as a library for weeks and I have come up with nothing. I do not have a lot of experience developing in C and C++. If you have any resources (open source projects compiling osquery as a library, blogs, videos, etc.) that might help, it will be appreciated. If you want to discuss this more you can message me here or on Twitter: https://twitter.com/A__ALFAIFI

Thanks!

tokcum

07/07/2022, 11:34 AM
Hi, I'm wondering how you were able to make this work on Linux with Thrift crate 0.15.0. When I started to create Rust bindings for osquery, I had to patch the Thrift crate first to support Unix Domain Sockets. My PR to Thrift was accepted months ago and Unix Domain Socket support was released a few days ago with 0.16.0. I'll continue to work on https://crates.io/crates/osquery-rust in the next few days to make it work with the updated Thrift crate. Cheers.