README
¶
osquery Receiver
| Status | |
|---|---|
| Stability | development: logs |
| Distributions | [] |
| Issues | |
| Code coverage |  |
| Code Owners | @nslaughter, @smithclay |
The osquery receiver runs queries run on an osquery's daemon on a schedule and converts the output to logs.
Configuration
The following settings are required:
queries: list of queries to run on an osquery daemon
The following settings are optional:
collection_interval(default = 10s): How often queries are run on the systemextensions_socket(default =/var/osquery/osquery.em): The osquery daemon's extension socket. Used to communicate with osquery on the system.
Getting started
osquery must be installed on the system where the collector is running. Once running as a daemon, the collector can connect to it using osquery's extension socket.
Example queries and data sources for querying are available in the osquery docs.
Example configuration
osquery:
collection_internal: 10s
extensions_socket: /var/osquery/osquery.em
queries:
- "select * from certificates"
- "select * from block_devices"
Documentation
¶
Overview ¶
Package osqueryreceiver emits osquery results as logs
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewFactory ¶
Types ¶
type Config ¶
type Config struct {
scraperhelper.ControllerConfig `mapstructure:",squash"`
ExtensionsSocket string `mapstructure:"extensions_socket"`
Queries []string `mapstructure:"queries"`
}
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.