Are there any existing stats around memory resident size of osquery without any queries/packs enabled? Curious to hear how much cpu/mem resources folks usually give to osquery in your production fleet.

Currently allowing 1GB for osquery in my deployment. Setting that limit at the cgroup in systemd.

That said osquery would use waaaaayyyy less than that with no queries/packs enabled.

True. We are seeing current usage in the 10MB range with no scheduled queries

I don’t have numbers handy, but it’s pretty small. It’s all in the queries, and what they trigger

Thanks for sharing some rough numbers :) We are also seeing somewhere around ~60MB with little/no scheduled queries.