Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
l
lankesh
11/13/2022, 7:50 PMHi experts,
I have a requirement to run scheduled os queries and send the output to another process(xyz.exe) which is already running in same device.
I know 'osqueryd' logs json output at some location.
But is it possible to send the results of queries to another process.
Please help me clarifying how to do this in c++.
s
seph
11/15/2022, 3:36 PMThis depends a lot on you.
osquery normally outputs to files or a remote TLS server.
The simple thing is to have your other process read it’s files.
The less simple thing is to have the other thing act as a TLS endpoint.
If you cannot change the other process, you could probably write a logger plugin to run with osquery. Which would receive the logs over the thrift socket, and then do whatever you wanted with them. This could be written in any language, there are reasonable SDKs for go and python. c++ is a bit weird,
But you’re doing something fairly complicated and unsuported.
l
lankesh
11/15/2022, 3:38 PMThank you..
s
seph
11/15/2022, 3:46 PMFolks here will generally help, but we can’t solve this one.
l
lankesh
11/15/2022, 3:47 PMYeah, it has complexity. And confusions.
Cannot use file monitoring to read json logs.
Have to see how we can make use of TLS