Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Hi all
is there any way to use the osquery sdk as a way of querying a device without using osqueryi/osqueryd?
or is the sdk just intended to create extensions?

osquery, when running, has an interface presented by thrift. While this is _usually_ used for extensions, we do have a thrift api for querying

You need an osquery running, and you need write access to the socket

In ruby. you’d use:
```client = Osquery::Extensions::ExtensionManager::Client.new(@protocol)
 client.query(statement)```
There’s an example of this in the go sdk — <https://github.com/osquery/osquery-go/blob/master/examples/query> you’ll need to chase down what the library is doing if you want to see the various moving parts.

Since this is all in the thrift spec, it should be pretty much the same everywhere

okay so as it is using thrift api, I can use any language to communicate with it, right? but it specifically needs either the daemon or interactive shell to be running, right?

any language with Thrift support, but the answer is yes probably.

the osquery agent has to be running, in either interactive or daemon mode yes

a lot of people have asked for an `osquery.lib` situation, but that isn't possible with what exists today

Oh, alright. Thanks for your help though!