New component: osquery #30375
Comments
Thanks for submitting this @smithclay, curious how using this as a separate receiver would compare to using osquery with something like a syslog logger plugin combined with the syslogreceiver for example
The main benefit is giving collector users flexibility to issue one-off queries (at arbitrary intervals) without having to edit the system's config file for More medium-term: remote configuration via opAMP opens up even more security and compliance use-cases if this is a collector receiver. For example, gathering more detailed metrics, logs (via osquery), and traces for a particular server after it is impacted by a security incident.
Thanks for clarifying @smithclay! Do you have a sample output you expect to see from osquery?
Here's example output for disk devices (one of 100+ different data sources), idea is this would turn into two log lines with the columns being resource attributes:
This change adds the skeleton for the [osquery](https://osquery.io/) receiver, a new log receiver that pulls structured system data from the [osquery daemon](https://github.com/osquery/osquery). **Link to tracking Issue:** #30375 **Testing:** Skeleton unit tests added. **Documentation:** See README.md in receiver folder. For osquery documentation, see [here](https://osquery.readthedocs.io/en/stable/).
This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping
Hey, will be getting back to this next week :)
This issue has been closed as inactive because it has been stale for 120 days with no activity.
Why was this abandoned?
The purpose and use-cases of the new component
osquery is a popular open-source Linux Foundation project that allows system administrators to query information about their systems using a SQL-like language.
As a collector receiver for logs, it allows users to extract detailed information about their Linux, macOS, or Windows systems like running processes, certificates, or disks on a predefined schedule. This receiver is particularly helpful for using the collector for security and compliance use-cases.
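An added example in Go (the collector's language) of the row-to-record mapping that the comment thread and this description imply: each row of osquery's JSON output becomes one log record with the columns as attributes. This is illustration code, not the receiver's, the PR's, or osquery's own; the `block_devices` table, the `osquery.query` attribute name, the `LogRecord` shape and the sample rows are assumptions, and the thread's "resource attributes" are modelled here as plain record attributes.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// LogRecord is a minimal stand-in for an OTel log record; row columns become attributes.
type LogRecord struct {
	Timestamp  time.Time
	Body       string
	Attributes map[string]string
}

// RowsToRecords parses osquery's JSON output (an array of objects whose values
// are all strings) and emits one record per row, tagged with the query name.
func RowsToRecords(queryName, sql string, out []byte, now time.Time) ([]LogRecord, error) {
	var rows []map[string]string
	if err := json.Unmarshal(out, &rows); err != nil {
		return nil, fmt.Errorf("query %q: invalid osquery output: %w", queryName, err)
	}
	records := make([]LogRecord, 0, len(rows)) // an empty result set yields no records
	for _, row := range rows {
		attrs := map[string]string{"osquery.query": queryName} // attribute name assumed
		for col, val := range row {
			attrs[col] = val
		}
		records = append(records, LogRecord{Timestamp: now, Body: sql, Attributes: attrs})
	}
	return records, nil
}

// sampleOutput is constructed for this example (two disk rows; the table is assumed).
const sampleOutput = `[
 {"name":"/dev/sda","size":"500107862016","type":"disk","model":"EXAMPLE-SSD"},
 {"name":"/dev/sda1","size":"536870912","type":"part","model":""}
]`

func main() {
	// A scheduler would invoke this once per configured query interval; omitted here.
	recs, err := RowsToRecords("disks", "SELECT name, size, type, model FROM block_devices", []byte(sampleOutput), time.Now())
	if err != nil {
		panic(err)
	}
	for _, r := range recs {
		fmt.Printf("%s %v\n", r.Timestamp.Format(time.RFC3339), r.Attributes)
	}
}
```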
Example configuration for the component
Telemetry data types supported
logs
Is this a vendor-specific component?
Code Owner(s)
@smithclay
Sponsor (optional)
@codeboten
Additional context
No response