hey folks — i was looking at the osquery-go repo a...
# kolidev
vladu
10/10/2020, 2:03 AMhey folks — i was looking at the osquery-go repo and found https://github.com/kolide/osquery-go/issues/85, any updates on this? I was looking to implement an osquery->containerd extension and containerd has support for emitting events and would be awesome to integrate that into osquery
a
alessandrogario
10/10/2020, 9:29 AM
It is possible to manage a ringbuffer inside the extension itself, and return all the data when the SELECT occurs
alessandrogario
10/10/2020, 9:30 AM
This is actually what most extensions that implement event based tables are doing
v
vladu
10/10/2020, 7:25 PM👍
a
alessandrogario
10/10/2020, 7:26 PM
We actually have a containerd event table in the works to be merged in core
alessandrogario
10/10/2020, 7:26 PM
It's almost ready but I believe we were missing a couple of final edits
alessandrogario
10/10/2020, 7:27 PM
@Stefano Bonicatti knows more
v
vladu
10/11/2020, 4:07 AMwould be sweet to get it merged !