# general
a
Hey guys, I have a question 🙂. I am trying to add swap memory info for Windows. According to https://osquery.io/schema/4.5.1/#memory_info, the memory_info table is only available on Linux. I already have a Python script that fetches swap memory usage details using psutil. My question is, what would be the most elegant way to add this info to osquery? Do I need to edit the source code and recompile? Would there be a problem for me to write a Python script that checks the OS, and if it's Windows, it would just create the _memory_info_ table and insert the relevant information?
a
Hey @abhatem! It is usually possible to create tables from Python by using an extension, but in this case the table already exists in core and it wouldn't work. Unless it's alright to use a different table name (https://github.com/osquery/osquery-python), the code needs to be converted to C++ and added inside the osquery codebase.
👍 1
a
alright, thanks!
f
@abhatem If you are utilizing Kolide Launcher you can grab this info using the kolide_wmi table:
SELECT
    MAX(CASE WHEN key = 'InstallDate' THEN value END) AS install_date,
    MAX(CASE WHEN key = 'AllocatedBaseSize' THEN value END) AS allocated_base_size,
    MAX(CASE WHEN key = 'Name' THEN value END) AS name,
    MAX(CASE WHEN key = 'Caption' THEN value END) AS caption,
    MAX(CASE WHEN key = 'Description' THEN value END) AS description,
    MAX(CASE WHEN key = 'CurrentUsage' THEN value END) AS current_usage,
    MAX(CASE WHEN key = 'PeakUsage' THEN value END) AS peak_usage,
    MAX(CASE WHEN key = 'TempPageFile' THEN value END) AS temp_file_page
FROM kolide_wmi 
WHERE class = 'Win32_PageFileUsage' 
AND properties = 'Caption,Description,InstallDate,Status,AllocatedBaseSize,CurrentUsage,Name,PeakUsage,TempPageFile'
👍 1
👍 1
a
Thanks @fritz, I didn't know about Kolide Launcher before. Might be suitable for me