Hi all is there any way to use the osquery sdk as a way of q

Question

Hi all is there any way to use the osquery sdk as a way of querying a device without using osqueryi osqueryd or is the sdk just intended to create extensions

seph · Answer

osquery when running has an interface presented by thrift While this is usually used for extensions we do have a thrift api for querying

seph · Answer

You need an osquery running and you need write access to the socket

seph · Answer

In ruby you d use ```client = Osquery Extensions ExtensionManager Client new protocol client query statement ``` There s an example of this in the go sdk <https github com osquery osquery go blob master examples query> you ll need to chase down what the library is doing if you want to see the various moving parts

seph · Answer

Since this is all in the thrift spec it should be pretty much the same everywhere

Dhruv Rathod · Answer

okay so as it is using thrift api I can use any language to communicate with it right but it specifically needs either the daemon or interactive shell to be running right

Mike Myers · Answer

any language with Thrift support but the answer is yes probably

Mike Myers · Answer

the osquery agent has to be running in either interactive or daemon mode yes

Mike Myers · Answer

a lot of people have asked for an `osquery lib` situation but that isn t possible with what exists today

Dhruv Rathod · Answer

Oh alright Thanks for your help though