This was determined to be the wrong approach to adding simple
killswitches. The intent was to quickly flip on/off features. It was
not widely adopted due to the dependencies killswitching has.
A different approach is to implement the same functions with something
simple like filesystem flags.
Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5517
It is an experimental registry to stream events from osquery. It is separated from the logger registry, which is semantically very similar, on purpose.
Firstly, because we are still not sure about the exact way to process, filter, and deliver events. I think the best way to test things is to implement a pipeline for the events separately from the logger for now and maybe merge them later. It's easier to merge things than to split them.
Secondly, the current implementation of the logger is not very performant, with plenty of additional functionality. Since we are going to evaluate the performance hit of a new type of events (Linux syscall tracing), it is not a good idea to connect it to a sophisticated system with well-known performance problems.
Reviewed By: jessek
Differential Revision: D14404665
fbshipit-source-id: bb98848d998669bd90bd4f5cf61981247bd537d6
Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5498
To keep the headers namespace and the real path to the target in sync.
Reviewed By: jessek, marekcirkos
Differential Revision: D14322951
fbshipit-source-id: 3e99cb5e9227529520c0ee1cac0c3d755f594ed8