Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
a
alessandrogario
09/26/2021, 4:26 PMThere is a dump database switch in the latest versions of osquery, it's really useful!
p
puffycid
09/26/2021, 5:56 PMi tried using the dump db switch but im not getting the results im expecting (may be user error)
running the commands below i dont get any data from the db
puffycid@puffycids-MBP Darwin % cat sql/Processes.sql | ./osqueryd -S --database_path=outDb2 > /dev/null
puffycid@puffycids-MBP Darwin % ./osqueryd --database_dump --database_path=outDb2/
configurations[results_version]: 2
puffycid@puffycids-MBP Darwin % ls -lh outDb2
total 80
-rw-r--r-- 1 puffycid staff 0B Sep 26 13:49 000046.log
-rw-r--r-- 1 puffycid staff 905B Sep 26 13:49 000049.sst
-rw-r--r-- 1 puffycid staff 16B Sep 26 13:49 CURRENT
-rw-r--r-- 1 puffycid staff 33B Sep 25 22:38 IDENTITY
-rw-r--r-- 1 puffycid staff 0B Sep 25 22:38 LOCK
-rw-r--r-- 1 puffycid staff 632B Sep 26 13:49 MANIFEST-000045
-rw-r--r-- 1 puffycid staff 22K Sep 26 13:49 OPTIONS-000048