https://github.com/osquery/osquery logo
Join Slack
Powered by
Hi, all! Got a quick Fleet question. Is it easy ...
# general
j
Hi, all! Got a quick Fleet question. Is it easy to get stats on user logins and usage times? Thanks!
j
Depends on the platform. Which ones do you want the data for ?
j
Win / Mac, thanks!
j
For Mac, I know you can use the 
last
table to last login times, and the 
apps
table to get the last time an application was opened.
for Windows you'd probably need to grab just the events you are interested in from the 
windows_eventlog
table
there's also the 
uptime
table which works on all platforms
but generally just go spelunking through https://osquery.io/schema/5.4.0
j
Cool, thank you for all of that! I’m hoping to get good stats of how much use computers get; can you think of a better way to query that? 🙂
j
Hm depends on what you by “use” ? Can you clarify?
j
We want to know how much actual use machines get, as opposed to which machines sit idle each day.
So, login gets us partway there, but some people leave themselves logged in, so trying to find a better metric
j
Ah. You could probably sample cpu usage then every 15 minutes or something like that
Or try and use the ‘processes’ table to determine new processes being spun up
j
yeah, thanks for the ideas! it seems like Fleet is a very versatile tool
looking forward to playing with it
j
Yeah it's really up to your imagination
j
I just hope I can find a good query to base our statistics on 😉
l
@Joe B Just a heads up that there is a dedicated #C01DXJL16D8 channel that you may find helpful.
👍 1
3 Views
Open in Slack
PreviousNext
Powered by