hi, Wanted to use osquery in C++ to get the basic details like os version, firewall status, etc. Was trying to experiment with Thrift IPC but not sure. what's the way forward. any sample for the same will help.

Yes. To use it, you run it as a daemon and write an extension — or, you can run it interactively as a subprocess. If you're writing an extension it doesn't need to be C++ necessarily, other languages are supported.

thank you mike. I was confused with the Extension docs. I thought Extension is written to extend the functionality of osquery which is not my requirement. i just wanted to use existing. I don't want to use osqueryi. and C++ is a requirement. So just to confirm, are Extensions, the way to use osquery SDK?

Yea, osquery doesn't build to be included or compiled as a library callable within your process

oh...that's clear now. Thank you Mike very much. The trailofbits sample you pointed are amazing. It seems they are extending osquery's functionality. Any simple C++ extension which just queries the existing tables of osquery like OS version will help. I don't want to extend anything. Any pointers to such samples?

Ah, well the extension doesn't have to register any new tables I guess, but I'm not sure how to just ask osquery for things over Thrift. I haven't seen an example of what you're asking, but maybe in #CBMR0L7SM someone could help

thank you Mike.

The go SDK supports that and launcher uses it for a couple things

Okay. Thank you!

By implication… Anything using thrift supports that. Though it may or may not be easily exposed or documented