Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

I have osquery installed with launcher - where is the DB by default? I’d like to run osqueryi locally to debug some stuff.

This feels like a bit of a misnomer.

osquery is a bunch of virtual tables and sqlite. Launcher adds some more virtual tables. osqueryi is a CLI interface to osquery, it’s the same as invoking `osqueryd -S`

There is no database on disk to hit.

I do not think it’s easy to connect osqueryi to the launcher distributed tables.

OK, I think I misunderstood ```osqueryi uses an in-memory database by default. To connect to an existing events database, use the flag --database_path=/var/osquery/osquery.db (only one process may attach to the database; see Checking the database sanity).``` from the docs