Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

<@UAZS01XRB> We looked into using 0MQ for a bit for agent IPC for a different project. One frustrating limitation is no named pipe support on Windows. And no Go support without cgo.

I didn’t realize the windows named pipe piece. That stinks. Seems like there is some beta pure Go stuff here: <https://github.com/zeromq/gomq/blob/master/README.md>

Apparently for the windows work around people use it in TCP mode on localhost. Several claims that the performance hit is very minimal but I haven’t done this myself.

Yeah, you can do local TCP, but you can't add security descriptors to it, which may or may not matter, depending on your scenario. Means another low-priv process could mess with you.