Channels
`osqueryi` will take statements on the command lin...
# generals
seph
09/24/2019, 2:51 PM
osqueryig
grant seltzer
09/24/2019, 3:02 PMas one of of the command line. I see the ability with osqueryi to do a single query, but not a bunch in sequence.
s
seph
09/24/2019, 3:04 PM
Me neither. Can you use osqueryd and a config file?
b
blaedj
09/24/2019, 3:10 PMyou can do
osqueryi < my_file_containing_queries.txtblaedj
09/24/2019, 3:10 PMif the queries are
;\nblaedj
09/24/2019, 3:10 PMmay not need the newline
s
seph
09/24/2019, 3:11 PM
You do need the newline. I made a test case, and forgot and didn’t followup. Thanks!
seph
09/24/2019, 3:11 PM
Copy code
$ echo -e "select 1;\n select 2;" | osqueryd -S --json
[
{"1":"1"},
{"2":"2"}
]g
grant seltzer
09/24/2019, 3:36 PMah sweet, thanks y’all
s
seph
09/24/2019, 3:47 PM
I’d love to hear more about the use case. I think most of us assume this kind of thing happens via osqueryd, so when that’s not the case, I’d like to learn more about it
b
blaedj
09/24/2019, 3:50 PMI've done it because it's easier to edit complex queries in my editor than in the sqlite/osqueryi interface
g
grant seltzer
09/25/2019, 2:18 PMI only wanted to for benchmarking purposes. Easier to run it manually instead of timing it with the schedule interval
s
seph
09/25/2019, 2:19 PM
Ah, yeah…
seph
09/25/2019, 2:19 PM
I’ve been wanting to think about how to add more performance and benchmarking to the test suite
2 Views