valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 18:08:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,622 Commits 2 Branches 109 Tags 25 MiB
4372785d5d
Commit Graph

253 Commits

Author SHA1 Message Date
Teddy Reed
0374fde651 [Fix #3194] Remove qualified name from parseEvent declaration (#3198) 2017-04-22 18:16:20 -07:00
Teddy Reed
90078f15ea events: Add hidden EID to all events tables (#3159) 2017-04-14 08:20:20 -07:00
Teddy Reed
649afcfff1 events: Use generator-tables for event subscribers (#3150) 2017-04-12 21:45:41 -07:00
Teddy Reed
c5e6db36eb events: Use poll instead of select for audit and udev (#3158) 2017-04-12 16:10:11 -07:00
Teddy Reed
5fd11260ad inotify: Use poll over select in inotify publisher (#3157) 2017-04-12 16:09:48 -07:00
ryanheffernan
5d6ea77efd [Fix #3129] Check malloc result for WEL XML buffer before calling EvtRender (#3130) 2017-04-04 09:52:29 -07:00
Teddy Reed
7b6e4c7a27 audit: Optimize user_events and add auid (#3120) 2017-03-31 08:30:45 -07:00
Teddy Reed
bc85f726ad events: Execute schedule before expiring (#3091) 2017-03-21 12:38:04 -07:00
Teddy Reed
69bb69fd6d events: Inspect schedule and improve tests (#3087) 2017-03-20 22:03:09 -07:00
Teddy Reed
7b6d026820 rocksdb: Update to 5.0 and use DeleteRange for expirations (#3066) 2017-03-17 12:40:07 -07:00
Teddy Reed
78ed32a673 events: Add locks around publisher and subscriber name accesses (#2969) 2017-02-06 01:17:38 -08:00
Teddy Reed
f54a974ff6 events: Fix locking around FSEvents (#2966) 2017-02-03 22:57:38 -08:00
Nick Anderson
e961fc850e Adding the Windows event log publisher (#2937) 2017-02-02 17:05:58 -08:00
Jonathan Lee
a1de136c1a Change logging level in certain cases (#2896) 2017-01-31 08:07:42 -08:00
Teddy Reed
0e9733f94c Simplify Registry and plugin concepts (#2887) 2017-01-07 12:21:35 -08:00
Teddy Reed
e9bbe1d624 Add Linux audit benchmarks (#2834) 2016-12-03 12:36:55 -08:00
Teddy Reed
0637f3c880 Manage queue configuration for Linux audit (#2792) 2016-11-23 15:40:14 -08:00
lambda-conjecture
ad4cf3ed90 Fix crash in FIM processing on Linux (#2751) 2016-11-22 17:53:07 -08:00
Teddy Reed
0ee1bbe739 Improve process_events on Linux (#2790) 2016-11-22 09:37:16 -08:00
Teddy Reed
6ead016cbb [Fix #2656] Refactor events_optimize to act per-query (#2665) 2016-11-05 22:03:45 -07:00
Teddy Reed
a3acf2a3e5 Fix Config TLS plugin default verb (#2708) 2016-11-02 17:08:44 -07:00
Teddy Reed
4c8fdf5d17 Fix UDEV publisher unit tests LSAN bug (#2693) 2016-10-30 11:15:55 -07:00
Teddy Reed
b59cfd6949 [Fix #2681] Use subscriber setUp result to enable/disable (#2682) 2016-10-25 10:23:10 -07:00
Aditya Srivastava
ef4f8af3b8 Issue #2651 : Changed all NULLs to nullptrs (#2657) 2016-10-21 11:20:28 -07:00
Nick Anderson
208d2324d5 Extending chrome browser extension table to Windows (#2619) 2016-10-14 10:23:37 -07:00
Teddy Reed
b895c6a988 Reduce several INFO logs to VLOGs and increase size-INTEGERs to BIGINT (#2559) 2016-09-28 12:38:35 -07:00
Teddy Reed
7e9088e008 [#2542] Introduce --enable_syslog to explicit enable syslog ingestion (#2543) 2016-09-27 17:35:21 -07:00
Zachary Wasserman
9216ed8275 Make syslog rate limit configurable by flag (#2526) 2016-09-26 17:31:22 -07:00
Teddy Reed
17b89fc182 Refactor events and remove 10/3600 indexes (#2523) 2016-09-25 22:19:31 -07:00
Teddy Reed
bcd90070ae Remove time-override for events add API (#2508) 
This will remove the use of current time for syslog.time and introduce
a new column called 'datetime'.

Events now uses an "optimize_id" alongside "optimize" to prevent returning
colliding events added within the same second as the previous genTable call.
 2016-09-23 16:46:02 -07:00
yying
84e6a3401a Reducing compiler warnings and fails on warn in VS (#2433) 2016-09-02 15:04:03 -07:00
Teddy Reed
080bc5ed88 Improve verbose logging for several linux event publishers (#2421) 2016-08-29 14:26:25 -07:00
Teddy Reed
05a795d80a Count subscriber events correctly in osquery_events (#2419) 
This also changes the osquery_events API by renaming restarts to refreshes.
 2016-08-29 06:57:24 -07:00
Teddy Reed
987368221f Remove several raw strings that confuse static analysis (#2367) 2016-08-15 14:52:11 -07:00
Teddy Reed
dd3020df79 [Fix #2319] Emit verbose log when Linux audit is immutable (#2347) 2016-08-12 18:30:21 -07:00
artemdinaburg
d8bfe962aa Fix Windows under 1.8 build system (#2333) 2016-08-10 14:06:47 -07:00
Teddy Reed
33c1afa4b8 Allow the non-blocking kernel-test publisher to drop 5% (#2336) 2016-08-10 08:45:37 -07:00
Teddy Reed
1c4d6397fa OS X IOKit utilities refactor to allow SKIP_TABLES (#2335) 2016-08-09 20:49:56 -07:00
Teddy Reed
f3f605e26a Introduce a PLATFORM_MASK and isPlatform (#2334) 
Along with the platform defines and platform string defines provided by
CMake to the build, add a PLATFORM_MASK define.

Use this define as a platform-type mask with the PlatformType enum.
 2016-08-09 20:27:42 -07:00
Teddy Reed
7eab0f39bd Fix race conditions in Linux inotify publisher (#2309) 
1. This adds several mutexes to the inotify publisher and its tests.
2. A fix for Linux 4.1 and LLVM TSAN is applied to CMake logic.
 2016-07-31 22:41:37 -07:00
Teddy Reed
870c5bd9f9 Clean up verbose logging for OS X kernel extension (#2276) 2016-07-21 14:29:17 -07:00
yying
547e8f961c CMake configuration file changes to support Windows (#2258) 2016-07-20 23:48:55 -07:00
artemdinaburg
78e1cf7ab4 Transition __attribute__((constructor)) to a more platform independent approach (#2233) 2016-07-14 14:19:33 -07:00
Teddy Reed
7f304a0934 Various fixups and best practices (#2237) 2016-07-11 09:45:57 -07:00
Teddy Reed
48cb4d555d Add systemLog API (#2229) 
This includes a minor SDK refactor as it move quite a few specialized
functions and facilities from core.h into system.h. There was a breaking point
for needing to frequently update core includes.

The new logger systemLog function allows a call site to bypass logging config
and write a line to the OS logger (aka syslog).
 2016-07-07 15:16:28 -07:00
Nick Anderson
cf30388705 Moved test_utils to it's own directory out of core. Updated references (#2154) 2016-06-09 10:49:26 -07:00
Teddy Reed
866ff13fc3 Fix OS X kernel extension autoload (#2151) 2016-06-08 11:14:36 -07:00
yying
26ad131c38 Building osquery unit tests on Windows 10 (#2100) 
Integrated process abstraction code into more locations
Defined new macros for abstracting across various platforms
Added GLOG_NO_ABBREVIATED_SEVERITIES for glog to support Windows
Fixed some minor CMake issues involving thrift
Updated gflags package; reflecting change in provision script
Preparing CMake config files for WIN32 support
 2016-05-17 12:39:11 -07:00
Teddy Reed
77273f6500 Add logEvent API to logger plugins (#2088) 2016-05-13 19:48:40 -07:00
Teddy Reed
57c6b2a521 Revive the OS X kernel-based publishers (#2083) 
The OS X kernel subscribers have not been starting because they expect the
publisher thread to run before they begin configuration. Due to some recent
refactors the publisher thread creation now occurs after configuration.

The subscriber logic to check for a valid kernel connection is still valid.

This commit has two additional side-effects:
- The RocksDB plugin is modified to use 3 background merge threads.
- The OS X kernel publisher syncing thread is now non-blocking.
 2016-05-11 11:47:42 -07:00