osquery-1/specs/posix/shell_history.table

table_name("shell_history")
description("A line-delimited (command) table of per-user .*_history data.")
schema([
    Column("uid", BIGINT, "Shell history owner", additional=True),
    Column("time", INTEGER, "Entry timestamp. It could be absent, default value is 0."),
    Column("command", TEXT, "Unparsed date/line/command history line"),
    Column("history_file", TEXT, "Path to the .*_history for this user"),
    ForeignKey(column="uid", table="users"),
])
attributes(user_data=True, no_pkey=True)
implementation("shell_history@genShellHistory")
examples([
    "select * from users join shell_history using (uid)",
])
fuzz_paths([
    "/home",
    "/Users",
])
Rename/improve bash_history to shell_history 2014-11-29 01:38:04 +00:00			`table_name("shell_history")`
			`description("A line-delimited (command) table of per-user .*_history data.")`
			`schema([`
[#1665, #1615] Refactor user-based tables to act uniformly 2015-11-24 20:29:03 +00:00			`Column("uid", BIGINT, "Shell history owner", additional=True),`
The default timestamp was added for shell_history without timestamp (#4618) If the shell history file does not contain a timestamps for the lines osquery will miss the time in rows and will show an confusing error about attempt to convert empty string to INTEGER. ``` % head -n 3 ~/.zsh_history ls cd source ls ``` ``` osquery> select * from shell_history limit 1; I0621 11:56:37.804193 2629124992 virtual_table.cpp:292] Error casting time () to INTEGER +------------+------+---------+-------------------------------+ \| uid \| time \| command \| history_file \| +------------+------+---------+-------------------------------+ \| 1868255265 \| \| exit \| /home/akindyakov/.zsh_history \| +------------+------+---------+-------------------------------+ ``` So, default value for the time in shell history can solve the problem. 2018-06-25 15:55:49 +00:00			`Column("time", INTEGER, "Entry timestamp. It could be absent, default value is 0."),`
Various table perf improvements and TLS docs 2015-06-05 18:20:24 +00:00			`Column("command", TEXT, "Unparsed date/line/command history line"),`
Rename/improve bash_history to shell_history 2014-11-29 01:38:04 +00:00			`Column("history_file", TEXT, "Path to the .*_history for this user"),`
[#1665, #1615] Refactor user-based tables to act uniformly 2015-11-24 20:29:03 +00:00			`ForeignKey(column="uid", table="users"),`
Rename/improve bash_history to shell_history 2014-11-29 01:38:04 +00:00			`])`
tables: Fix table metadata when constraints are used (#3151) 2017-04-13 04:48:28 +00:00			`attributes(user_data=True, no_pkey=True)`
Rename/improve bash_history to shell_history 2014-11-29 01:38:04 +00:00			`implementation("shell_history@genShellHistory")`
fuzz: Use example queries as input to make fuzz (#3795) 2017-10-06 15:45:49 +00:00			`examples([`
			`"select * from users join shell_history using (uid)",`
			`])`
Add make fuzz (#2458) 2016-09-14 03:37:31 +00:00			`fuzz_paths([`
			`"/home",`
			`"/Users",`
			`])`