Hi osquery team, could u indicate the code of osqu...
# generalw
wennan.he
01/25/2023, 9:13 PMHi osquery team, could u indicate the code of osquery controlling the the live query / schedule query running serially?
r
Ryan Mack
01/25/2023, 10:54 PMDistributed query waits for jobs is in one thread. Scheduler runs in its own thread. Each thread runs only one query at a time but the two threads may run concurrently with each other. There is no control per se.
w
wennan.he
01/25/2023, 11:00 PMwell this is different from what i heard.
wennan.he
01/25/2023, 11:00 PMimage.png
r
Ryan Mack
01/25/2023, 11:01 PMI believe that is what Stefano was trying to convey.
Ryan Mack
01/25/2023, 11:01 PMOut of curiosity, what are you trying to do that depends on this behavior?
w
wennan.he
01/25/2023, 11:02 PMso let me ask it in this way, can 2 live queries run simultaneously on host?
wennan.he
01/25/2023, 11:02 PMand can 2 scheduled queries run simultaneously on host?
r
Ryan Mack
01/25/2023, 11:02 PMI do not believe so. One distributed and one scheduled at a time.
👍 1
w
wennan.he
01/25/2023, 11:03 PMso how does osquery implement this.
wennan.he
01/25/2023, 11:03 PMby running 2 independent threads to run live query and scheduled query respectively?
r
Ryan Mack
01/25/2023, 11:03 PMYes.
w
wennan.he
01/25/2023, 11:03 PMso could u show me the code for details?
wennan.he
01/25/2023, 11:04 PMthe code osquery starts 2 threads.
r
Ryan Mack
01/25/2023, 11:06 PMosquery/dispatcher/distributed_runner.cpp: Dispatcher::addService(std::make_shared<DistributedRunner>());
osquery/dispatcher/scheduler.cpp: Dispatcher::addService(std::make_shared<SchedulerRunner>(
👍 1