# extensions
I’m not sure you’re going to get a better set of answers than you did in https://osquery.slack.com/archives/C08V7KTJB/p1581915978247200. While here, or #windows, would have been more appropriate, it’s still the same people.
Yeah, I understand. Thank you for giving opinions.
I’m not sure how many folks are still on the version 3 branch. A lot of focus is on v4.
Are there reasons you can share about wanting to stay in the 3.x line?
Thank you for replying to me 😆 Currently, on the Linux side, I have built my own extension with osquery version 3.3.2 successfully. Now I need to get things done on Windows. So it seems like in version 4.x, it's hard to build extensions.
I thought the 4.1 line was pretty reasonable for extension building. But I work mostly in go, so it’s a different extension ecosystem.
i.e., I have tried the latest version of osquery and tried to build the trailofbits extension, but it seems like it doesn't build the right way.
Also, I ran into some problems when using C++ for building extensions. In version 3.3.2,
`#include <osquery/sdk.h>`
works well, but in version 4.x, the path changes to
, but I still don't get it right
Thank you for your suggestion. Btw, if I try to build my extension again using Go, where do I need to start?
Generally speaking, I think you should write extensions in whatever language you’re most comfortable in. In all cases, they will likely require some amount of work to get going the first time.
Woww, those are really nice documents. Thank you 😆
And yes, I had my own extension in C++; the only problem is building it with osquery.
I suspect that people will help you get it built on v4. Mostly I think people should use the languages they know and like. ¯\_(ツ)_/¯
Wow yes, I really appreciate that. And I'm glad to receive your quick response. Your suggestions help me a lot.
I’m happy I can help a little.
By the way, our extensions in the master branch target 3.3.2; also, last time we worked with the official osquery 3.3.2, it wasn't building properly. We have made a fork for that (osql) and other reasons. That being said, I too suggest using 4.x; you can have a look at what's needed here (https://github.com/trailofbits/osquery-extensions/pull/51), or if you simply want to build our extensions for 4.x
It's true though that docs on the Wiki have to be updated for the latest version.
Let me summarize your ideas. If I want to build the trailofbits extension with osquery version 4.x, I will need to cherry-pick all the commits in your link: https://github.com/trailofbits/osquery-extensions/pull/51. Am I right? Sorry, I'm still new to these awesome techniques.
You don't need to cherry-pick, you can just fetch the branch where that PR is, which is local and which is named
(yay mismatched versions, but it has been a WIP for a bit).
So, kind of, I will need to fetch that branch to build the trailofbits extension with osquery version 4.x.
I will try your suggestions. Thank you @Stefano Bonicatti