Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Does anyone here have links from where I can download bare package of osqueryd for versions 4.8.0, 4.7.0 .

<https://osquery.io/downloads/official/4.7.0|https://osquery.io/downloads/official/4.7.0>, then extract the binary from the package; you can use 7z for MSI

That said, use a newer one if possible; there are many important fixes inside the latest version

I need the older versions just for testing the fleet update server, so i am asking directly for osqueryd exe files

Bare binaries are not an official distribution, only packages are. You will either have to extract them from packages (as Alessandro said above), or compile them yourselves

osquery_470_binaries.zip

<@U023ZPFM2Q1> here are the binaries for 4.7.0, I've included a small readme that explains how to extract them

Can you please explain the Payload~ part for macos

like I extracted the folder but couldn't understrand after that

1. Extract the .pkg file: `7z x osquery-xxx.pkg` . This will create a (possibly hidden) file named `Payload~`
2. Extract the `Payload~`  file: `7z x Payload~` . This will create the standard deployment folders, such as `usr`.
3. Locate the osqueryd binary under `./usr`

For this I neeed to go into the folder after extracting it, right?

7-Zip [64] 17.04 : Copyright (c) 1999-2021 Igor Pavlov : 2017-08-28
p7zip Version 17.04 (locale=utf8,Utf16=on,HugeFiles=on,64 bits,8 CPUs x64)

Scanning the drive for archives:
     
ERROR: No such file or directory
Payload~



System ERROR:
Unknown error: -2147024894

When you extract the `.pkg` archive, what new files do you get?

The command on the `.pkg` file should look like this:

```7z x osquery-4.9.0.pkg 

7-Zip [64] 17.04 : Copyright (c) 1999-2021 Igor Pavlov : 2017-08-28
p7zip Version 17.04 (locale=en_US.utf8,Utf16=on,HugeFiles=on,64 bits,16 CPUs x64)

Scanning the drive for archives:
1 file, 10864742 bytes (11 MiB)

Extracting archive: osquery-4.9.0.pkg
--
Path = osquery-4.9.0.pkg
Type = Xar
Physical Size = 10864742
SubType = pkg
Headers Size = 4328
----
Path = Payload
Size = 10842254
Packed Size = 10842254
Modified = 2021-06-22 21:04:41
Created = 2021-06-22 21:04:41
Accessed = 2021-06-22 21:04:40
Mode = -rw-r--r--
User = reed
Group = staff
Method = octet-stream
--
Path = Payload
Type = gzip
Headers Size = 10

Everything is Ok

Size:       41235968
Compressed: 10864742```

It's possible that maybe the file has a different name; you can check the `Path` messages in the `7z` output to determine what files have been created

If you have access to a Mac you can also use `pkgutil —-expand-full osquery-4.9.0.pkg temp-dir` 