Hi experts,
I have a requirement to run scheduled...
# generall
lankesh
11/13/2022, 7:50 PMHi experts,
I have a requirement to run scheduled os queries and send the output to another process(xyz.exe) which is already running in same device.
I know 'osqueryd' logs json output at some location.
But is it possible to send the results of queries to another process.
Please help me clarifying how to do this in c++.
s
seph
11/15/2022, 3:36 PM
This depends a lot on you.
osquery normally outputs to files or a remote TLS server.
The simple thing is to have your other process read it’s files.
The less simple thing is to have the other thing act as a TLS endpoint.
If you cannot change the other process, you could probably write a logger plugin to run with osquery. Which would receive the logs over the thrift socket, and then do whatever you wanted with them. This could be written in any language, there are reasonable SDKs for go and python. c++ is a bit weird,
seph
11/15/2022, 3:36 PM
But you’re doing something fairly complicated and unsuported.
l
lankesh
11/15/2022, 3:38 PMThank you..
s
seph
11/15/2022, 3:46 PM
Folks here will generally help, but we can’t solve this one.
l
lankesh
11/15/2022, 3:47 PMYeah, it has complexity. And confusions.
lankesh
11/15/2022, 3:48 PMCannot use file monitoring to read json logs.
lankesh
11/15/2022, 3:48 PMHave to see how we can make use of TLS