09/26/2021, 4:26 PM
There is a dump database switch in the latest versions of osquery, it's really useful!


09/26/2021, 5:56 PM
I tried using the dump db switch but I'm not getting the results I'm expecting (may be user error). Running the commands below I don't get any data from the db:
puffycid@puffycids-MBP Darwin % cat sql/Processes.sql | ./osqueryd -S --database_path=outDb2 > /dev/null
puffycid@puffycids-MBP Darwin % ./osqueryd --database_dump --database_path=outDb2/
configurations[results_version]: 2
puffycid@puffycids-MBP Darwin % ls -lh outDb2
total 80
-rw-r--r--  1 puffycid  staff     0B Sep 26 13:49 000046.log
-rw-r--r--  1 puffycid  staff   905B Sep 26 13:49 000049.sst
-rw-r--r--  1 puffycid  staff    16B Sep 26 13:49 CURRENT
-rw-r--r--  1 puffycid  staff    33B Sep 25 22:38 IDENTITY
-rw-r--r--  1 puffycid  staff     0B Sep 25 22:38 LOCK
-rw-r--r--  1 puffycid  staff   632B Sep 26 13:49 MANIFEST-000045
-rw-r--r--  1 puffycid  staff    22K Sep 26 13:49 OPTIONS-000048
(processes.sql returns ~8.8MB of data.) Is the db emptied when a command finishes? Is there any way to prevent the db from emptying the data? If not, that's fine.