Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
v
vladu
10/10/2020, 2:03 AMhey folks — i was looking at the osquery-go repo and found https://github.com/kolide/osquery-go/issues/85, any updates on this? I was looking to implement an osquery->containerd extension and containerd has support for emitting events and would be awesome to integrate that into osquery
a
alessandrogario
10/10/2020, 9:29 AMIt is possible to manage a ringbuffer inside the extension itself, and return all the data when the SELECT occurs
This is actually what most extensions that implement event based tables are doing
v
vladu
10/10/2020, 7:25 PM👍
a
alessandrogario
10/10/2020, 7:26 PMWe actually have a containerd event table in the works to be merged in core
It's almost ready but I believe we were missing a couple of final edits
@Stefano Bonicatti knows more
v
vladu
10/11/2020, 4:07 AMwould be sweet to get it merged !