Hello. Is there any osquery documentation regarding minimum resources required for installation and operation of osqueryd (RAM/CPU)? Have looked through the Docs for a bit and am not readily finding it there. I know resource usage can be entirely dependent on your query schedule, watchdog settings, etc. Just wondering if there is a published minimum set of requirements. Thanks in advance.

As you commented, the variation from queries is quite large. osquery not running any queries should use negligible CPU and negligible RAM. osquery trying to crawl disk and yara scan everything will OOM most machines.

Thanks. I figured as much, just checking to make sure I wasn’t missing some documented info on the subject. Thanks again

If you’re trying to limit usage, the watchdog can help — it can watch and kill osquery if usage is out of set limits. But it’s not perfect