happy-dude08/04/2021, 7:54 PM
happy-dude08/05/2021, 5:21 PM
using an intermediary to handle the log ingest, and then export to prometheusI guess something of that sort exists in https://github.com/zwopir/osquery_exporter -- but unfortunately is very de-coupled from osquery and osqueryd itself. Essentially it just runs queries and pushes that to a port which prometheus is configured to scrape. We've used that at work for a time by just publishing values and generating alerts off thresholds relating to that. While useful, the package does seem a bit defunct and having osquery accomplish this without the need of another package may be preferred I also do understand where the osquery team is coming from regarding a push (osquery) vs pull (prometheus) model, hence the preference for an intermediary. Curious if osquery can publish results in a prometheus-friendly manner (file? pipe? stream?) and then a intermediary can serve as the middle-layer of presenting that info to a port
as to run a single query, parse the answer, and stash it in an exporter.
Curious if osquery can publish results in a prometheus-friendly mannerI think that’s a viable approach. but is a bit of a research project. What intermediary? What format? Etc… I could imagine that as a logger plugin. I could also imagine that as a TLS server.
happy-dude08/05/2021, 5:33 PM
happy-dude08/05/2021, 5:34 PM