Hi osquery team could u indicate the code of osquery control

Question

Hi osquery team could u indicate the code of osquery controlling the the live query schedule query running serially

Ryan Mack · Answer

Distributed query waits for jobs is in one thread Scheduler runs in its own thread Each thread runs only one query at a time but the two threads may run concurrently with each other There is no control per se

wennan.he · Answer

well this is different from what i heard

wennan.he · Answer

image png

Ryan Mack · Answer

I believe that is what Stefano was trying to convey

Ryan Mack · Answer

Out of curiosity what are you trying to do that depends on this behavior

wennan.he · Answer

so let me ask it in this way can 2 live queries run simultaneously on host

wennan.he · Answer

and can 2 scheduled queries run simultaneously on host

Ryan Mack · Answer

I do not believe so One distributed and one scheduled at a time

wennan.he · Answer

so how does osquery implement this

wennan.he · Answer

by running 2 independent threads to run live query and scheduled query respectively

Ryan Mack · Answer

Yes

wennan.he · Answer

so could u show me the code for details

wennan.he · Answer

the code osquery starts 2 threads

Ryan Mack · Answer

osquery dispatcher distributed runner cpp Dispatcher addService std make shared lt DistributedRunner gt osquery dispatcher scheduler cpp Dispatcher addService std make shared lt SchedulerRunner gt