it would be nice if these strings records in this case thing

Question

it would be nice if these strings records in this case things could immediately be passed to the logging subsystem kind of like <https github com facebook osquery pull 3482> but not specific to tls

alessandrogario · Answer

Didn t know you could do this I ll look into it Would this become something that you toggle on and off or something that is always enabled removing the table

marpaia · Answer

i would love to just be able to configure a subscription to an event publisher via options and get a stream of logs to the logger plugin

marpaia · Answer

maybe as a new event type

marpaia · Answer

the best you can do now is `select ` the table with `removed false`

marpaia · Answer

but that still has to go through the interval of the scheduler diff logic after getting the results out of rocksdb etc

marpaia · Answer

rocksdb should still be involved for the durability of process restarts network failure etc but i think a lot of the rest of it can be peeled back and added to the logging subsystem directly in a plugin agnostic way

alessandrogario · Answer

uhm so each log line would be a complete row

marpaia · Answer

either a `Row` or a `QueryData` presumably

alessandrogario · Answer

That would be cool and would probably speed up a lot of simple tables

marpaia · Answer

yeah i think it would work well for higher throughput event publishers

marpaia · Answer

probably a micro optimization for something like `usb devices`

marpaia · Answer

but for audit or ebpf it seems like it would be a fair bit more efficient to marry these two systems together