From aaecffa096f2efcd1c5a9ff651087e38206c1204 Mon Sep 17 00:00:00 2001 From: Teddy Reed Date: Fri, 10 Apr 2015 17:37:49 -0700 Subject: [PATCH] Skip event publishers when a single query is used --- osquery/core/init.cpp | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/osquery/core/init.cpp b/osquery/core/init.cpp index b8e8b7d0..73c99d7c 100644 --- a/osquery/core/init.cpp +++ b/osquery/core/init.cpp @@ -9,7 +9,9 @@ */ #include +#include #include +#include #include #include @@ -47,6 +49,8 @@ namespace osquery { "path. Additionally, review the \"using osqueryd\" wiki page:\n" \ " - https://github.com/facebook/osquery/wiki/using-osqueryd\n\n"; +DECLARE_bool(disable_events); + CLI_FLAG(bool, config_check, false, @@ -114,9 +118,20 @@ Initializer::Initializer(int& argc, char**& argv, ToolType tool) FLAGS_logger_plugin = STR(OSQUERY_DEFAULT_LOGGER_PLUGIN); #endif + // Set version string from CMake build + GFLAGS_NAMESPACE::SetVersionString(OSQUERY_VERSION); + + // Let gflags parse the non-help options/flags. + GFLAGS_NAMESPACE::ParseCommandLineFlags( + argc_, argv_, (tool == OSQUERY_TOOL_SHELL)); + if (tool == OSQUERY_TOOL_SHELL) { // The shell is transient, rewrite config-loaded paths. osquery::FLAGS_disable_logging = true; + if (*argc_ > 1 || !isatty(fileno(stdin))) { + // A query was set as a positional argument for via stdin. + osquery::FLAGS_disable_events = true; + } // Get the caller's home dir for temporary storage/state management. auto homedir = osqueryHomeDirectory(); @@ -127,13 +142,6 @@ Initializer::Initializer(int& argc, char**& argv, ToolType tool) } } - // Set version string from CMake build - GFLAGS_NAMESPACE::SetVersionString(OSQUERY_VERSION); - - // Let gflags parse the non-help options/flags. - GFLAGS_NAMESPACE::ParseCommandLineFlags( - argc_, argv_, (tool == OSQUERY_TOOL_SHELL)); - // If the caller is checking configuration, disable the watchdog/worker. if (FLAGS_config_check) { FLAGS_disable_watchdog = true;