hey folks i was looking at the osquery go repo and found

Question

hey folks i was looking at the osquery go repo and found <https github com kolide osquery go issues 85> any updates on this I was looking to implement an osquery gt containerd extension and containerd has support for emitting events and would be awesome to integrate that into osquery

alessandrogario · Answer

It is possible to manage a ringbuffer inside the extension itself and return all the data when the SELECT occurs

alessandrogario · Answer

This is actually what most extensions that implement event based tables are doing

vladu · Answer

+1

alessandrogario · Answer

We actually have a containerd event table in the works to be merged in core

alessandrogario · Answer

It s almost ready but I believe we were missing a couple of final edits

alessandrogario · Answer

< Stefano Bonicatti> knows more

vladu · Answer

would be sweet to get it merged