not in the way you’re asking for it, no. you’d hav...
# generalm
marpaia
07/16/2018, 10:34 PMnot in the way you’re asking for it, no. you’d have to run an instance of osqueryd in each vm to perform that kind of data collection.
n
nebi
07/17/2018, 4:12 PM@marpaia please see my follow up reply for this, thank you
m
marpaia
07/17/2018, 4:40 PMdepending on how you configure the namespaces, cgroups, etc. you may be able to identify pid groups or some other unique identifier for processes that are “containers”
marpaia
07/17/2018, 4:40 PMbut just note that “containers” don’t really exist at some level, they’re just really configured linux processes
n
nebi
07/18/2018, 3:34 AMok, thank you for the info sorry for taking your . time
2 Views