Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
s
seph
09/24/2019, 2:51 PMosqueryig
grant seltzer
09/24/2019, 3:02 PMas one of of the command line. I see the ability with osqueryi to do a single query, but not a bunch in sequence.
s
seph
09/24/2019, 3:04 PMMe neither. Can you use osqueryd and a config file?
b
blaedj
09/24/2019, 3:10 PMyou can do
osqueryi < my_file_containing_queries.txtif the queries are
;\nmay not need the newline
s
seph
09/24/2019, 3:11 PMYou do need the newline. I made a test case, and forgot and didn’t followup. Thanks!
$ echo -e "select 1;\n select 2;" | osqueryd -S --json
[
{"1":"1"},
{"2":"2"}
]g
grant seltzer
09/24/2019, 3:36 PMah sweet, thanks y’all
s
seph
09/24/2019, 3:47 PMI’d love to hear more about the use case. I think most of us assume this kind of thing happens via osqueryd, so when that’s not the case, I’d like to learn more about it
b
blaedj
09/24/2019, 3:50 PMI've done it because it's easier to edit complex queries in my editor than in the sqlite/osqueryi interface
g
grant seltzer
09/25/2019, 2:18 PMI only wanted to for benchmarking purposes. Easier to run it manually instead of timing it with the schedule interval
s
seph
09/25/2019, 2:19 PMAh, yeah…
I’ve been wanting to think about how to add more performance and benchmarking to the test suite