valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 18:08:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,349 Commits 2 Branches 109 Tags 25 MiB
5aca61375f
Commit Graph

122 Commits

Author SHA1 Message Date
Max Kareta
5aca61375f
reorganized includes to improve compile time (#4445) 2018-05-30 00:17:40 +01:00
Alexander
1a48150be0 Pass name of query to lambda in Config::scheduledQueries by value (#4367) 2018-05-09 14:56:19 +01:00
Nick Anderson
305108155a
bug: handle windows service shutdowns gracefully (#4286) 2018-04-18 07:51:04 -07:00
Teddy Reed
90a737ead7
Replace most of boost::property_tree with rapidjson (#3910) 2018-01-20 20:58:01 -05:00
Teddy Reed
f6d077cbf7
license: Change license to Apache 2.0 and GPLv2 (#4007) 2017-12-18 16:04:06 -08:00
Teddy Reed
a7c2669ba3
tidy: Improve clang-tidy (modernize) list of checks and run across codebase (#3870) 2017-10-29 22:25:49 -07:00
securityclippy
76e904941e soften language to not enabled rather than failed (#3744) 2017-09-28 20:27:44 -07:00
Teddy Reed
f29de27649 Combine osqueryi and osqueryd into single binary (#2742) 2017-08-27 11:09:25 -07:00
Teddy Reed
cf170c4278 cleanup: Move query out of database header (#3576) 2017-08-20 02:44:38 -07:00
Teddy Reed
7844a8ea1b nits: Use char-overload for find (#3363) 2017-05-29 23:13:10 -07:00
Teddy Reed
98505e5eb2 events: Sane defaults for expiration and max (#3358) 2017-05-29 16:10:24 -07:00
Teddy Reed
b38a62be8b config: Rename getInstance to get for consistency (#3350) 2017-05-28 23:04:53 -07:00
Teddy Reed
90078f15ea events: Add hidden EID to all events tables (#3159) 2017-04-14 08:20:20 -07:00
Teddy Reed
649afcfff1 events: Use generator-tables for event subscribers (#3150) 2017-04-12 21:45:41 -07:00
Teddy Reed
bc85f726ad events: Execute schedule before expiring (#3091) 2017-03-21 12:38:04 -07:00
Teddy Reed
69bb69fd6d events: Inspect schedule and improve tests (#3087) 2017-03-20 22:03:09 -07:00
Teddy Reed
7b6d026820 rocksdb: Update to 5.0 and use DeleteRange for expirations (#3066) 2017-03-17 12:40:07 -07:00
Teddy Reed
78ed32a673 events: Add locks around publisher and subscriber name accesses (#2969) 2017-02-06 01:17:38 -08:00
Jonathan Lee
a1de136c1a Change logging level in certain cases (#2896) 2017-01-31 08:07:42 -08:00
Teddy Reed
0e9733f94c Simplify Registry and plugin concepts (#2887) 2017-01-07 12:21:35 -08:00
Teddy Reed
6ead016cbb [Fix #2656] Refactor events_optimize to act per-query (#2665) 2016-11-05 22:03:45 -07:00
Teddy Reed
a3acf2a3e5 Fix Config TLS plugin default verb (#2708) 2016-11-02 17:08:44 -07:00
Teddy Reed
4c8fdf5d17 Fix UDEV publisher unit tests LSAN bug (#2693) 2016-10-30 11:15:55 -07:00
Teddy Reed
b59cfd6949 [Fix #2681] Use subscriber setUp result to enable/disable (#2682) 2016-10-25 10:23:10 -07:00
Teddy Reed
b895c6a988 Reduce several INFO logs to VLOGs and increase size-INTEGERs to BIGINT (#2559) 2016-09-28 12:38:35 -07:00
Teddy Reed
7e9088e008 [#2542] Introduce --enable_syslog to explicit enable syslog ingestion (#2543) 2016-09-27 17:35:21 -07:00
Teddy Reed
17b89fc182 Refactor events and remove 10/3600 indexes (#2523) 2016-09-25 22:19:31 -07:00
Teddy Reed
bcd90070ae Remove time-override for events add API (#2508) 
This will remove the use of current time for syslog.time and introduce
a new column called 'datetime'.

Events now uses an "optimize_id" alongside "optimize" to prevent returning
colliding events added within the same second as the previous genTable call.
 2016-09-23 16:46:02 -07:00
yying
84e6a3401a Reducing compiler warnings and fails on warn in VS (#2433) 2016-09-02 15:04:03 -07:00
Teddy Reed
05a795d80a Count subscriber events correctly in osquery_events (#2419) 
This also changes the osquery_events API by renaming restarts to refreshes.
 2016-08-29 06:57:24 -07:00
Teddy Reed
f3f605e26a Introduce a PLATFORM_MASK and isPlatform (#2334) 
Along with the platform defines and platform string defines provided by
CMake to the build, add a PLATFORM_MASK define.

Use this define as a platform-type mask with the PlatformType enum.
 2016-08-09 20:27:42 -07:00
Teddy Reed
7eab0f39bd Fix race conditions in Linux inotify publisher (#2309) 
1. This adds several mutexes to the inotify publisher and its tests.
2. A fix for Linux 4.1 and LLVM TSAN is applied to CMake logic.
 2016-07-31 22:41:37 -07:00
artemdinaburg
78e1cf7ab4 Transition __attribute__((constructor)) to a more platform independent approach (#2233) 2016-07-14 14:19:33 -07:00
Teddy Reed
48cb4d555d Add systemLog API (#2229) 
This includes a minor SDK refactor as it move quite a few specialized
functions and facilities from core.h into system.h. There was a breaking point
for needing to frequently update core includes.

The new logger systemLog function allows a call site to bypass logging config
and write a line to the OS logger (aka syslog).
 2016-07-07 15:16:28 -07:00
Teddy Reed
77273f6500 Add logEvent API to logger plugins (#2088) 2016-05-13 19:48:40 -07:00
Zachary Wasserman
98cdd3643f Add linux syslog virtual table 
This commit adds an event-based virtual table implementation for
querying the linux syslog. It introduces an event publisher that
attaches to a named pipe to ingest CSV formatted syslog forwarded from
rsyslogd. An event subscriber/virtual table makes these log lines
available for queries. Currently, no additional processing is done on
the input data besides parsing.

Using this table requires a properly configured rsyslogd. Documentation
for this configuration is forthcoming in the wiki.
 2016-03-30 13:36:57 -07:00
Teddy Reed
d2d1431061 Move dispatcher to public API 2016-03-21 15:27:51 -07:00
Teddy Reed
15a998e54f Use the default shutdown flow within extensions 2016-03-20 01:45:49 -07:00
Teddy Reed
c62a0f41b6 Various cleanups 2016-03-18 10:40:07 -07:00
Teddy Reed
7040780863 Expire data when record is before expire time 2016-03-16 12:35:06 -07:00
Teddy Reed
0ba2861cf9 [Fix #1920] Detach thread before joining/clearing (terminate) 2016-03-13 12:15:18 -07:00
Teddy Reed
3de52846d0 Remove boost::thread 2016-03-11 11:50:44 -08:00
Teddy Reed
afd17f8134 1. Reorganize RocksDB database handle into a plugin 
2. Introduce a SQLite-based database plugin
3. Refactor database usage to include local 'fast-calls'
4. Introduce an 'ephemeral' database plugin for testing (like a mock)
 2016-03-06 20:40:16 -08:00
Baraa Hamodi
21c2237eca [osquery] Update copyright headers to new format. 2016-02-11 11:48:58 -08:00
Teddy Reed
4031e299bb Cleanup/stabilize file_events-related APIs 2016-02-10 22:50:38 -08:00
Teddy Reed
7f37304c77 Refactor dispatcher shutdown logic 2016-02-05 01:29:42 -08:00
Teddy Reed
8947dac232 [Fix #1814] Various fixes for Linux inotify 2016-02-03 17:00:41 -08:00
Teddy Reed
724ca51e16 Lower severity of failed publishers 2016-02-01 16:42:21 -08:00
Teddy Reed
f05cc345d3 Add an events_max limit for event buffering 2016-02-01 08:38:58 -08:00
Teddy Reed
c4f3db1613 Fix double event subscriber select 2015-12-17 19:23:26 -08:00