Teddy Reed
947799d28e
Introduce within-query caching ( #2077 )
...
This adds a new optimization feature that allows expensive tables to cache
their results between JOINs. Consider JOINing a list of open sockets, for each
process, then requesting to hash each process path. This query may hash
the same path multiple times.
Within-query caching allows the hash table to respond with the previous
result of the hash request as long as the requested computation was the result
of a single query. Subsequent queries will perform subsequent hashing.
2016-05-09 10:32:33 -07:00
Teddy Reed
192953bcd3
[ Fix #2030 ] Add generate_foreign and --enable_foreign ( #2034 )
2016-04-11 09:33:45 -07:00
Baraa Hamodi
21c2237eca
[osquery] Update copyright headers to new format.
2016-02-11 11:48:58 -08:00
pathcl
6c8cc20117
PEP8 Compliance && Python 3.X compatibility
...
Signed-off-by: Teddy Reed
Merge-conflicts-by: Teddy Reed
Closes : #1586
2015-12-06 20:57:30 -08:00
Teddy Reed
ffb5b7020e
[ Fix #1693 , #1527 ] Add osquery-specific query planner output
2015-12-02 19:57:24 -08:00
Teddy Reed
e1d7511600
Remove column type string representations
2015-11-14 15:57:30 -08:00
Teddy Reed
c2be670806
Table results caching
...
1. Table implementations (spec files) can mark the table as 'cachable'.
2. Cached results depend on the shortest/quickest interval of scheduled
queries that act on results of the table.
3. The table API generator blocks caching on index/additional/required
table column options.
2015-11-14 15:57:23 -08:00
Robert C. Seacord
1d9695ac31
eliminated some warnings from Clang 3.7 analyze mode
2015-10-21 06:02:58 +00:00
Teddy Reed
1c12d274f4
Minor fix, return an empty query data
2015-10-13 09:25:10 -07:00
Teddy Reed
0440bb970f
Fix test_5_daemon_sigint, and hardware_events tests
2015-10-13 08:40:23 -07:00
Teddy Reed
67b0f51ab5
Several small optimizations around internal SQL queries
2015-08-03 07:56:55 -07:00
Javier Marcos
7241becda1
Fix tables JSON file name
2015-07-16 13:38:31 -07:00
Javier Marcos
84e0c77a98
Generation of table docs with packages and docs targets
2015-07-16 12:23:44 -07:00
Javier Marcos
ba69bf8efa
Adding support to generate documentation to external files
2015-07-15 13:18:41 -07:00
Teddy Reed
f48619ed28
[ #1285 , #1276 ] Faster, optimized subscriber results
2015-07-07 00:59:28 -07:00
Teddy Reed
0d6ab16281
Yara events was not building
2015-06-29 14:45:31 -07:00
Teddy Reed
37188f788b
Fixups in tables, add DOUBLE, shell extensions
2015-06-22 04:17:23 -04:00
Teddy Reed
727f5b091f
Various table perf improvements and TLS docs
2015-06-05 22:03:15 -07:00
Teddy Reed
e244883ea4
[ #1190 ] Schedule queries without logging removed results
2015-06-04 13:53:55 -07:00
Teddy Reed
a105924804
Move specs to a top-level path, add query examples
...
1. Example queries will run with an (optional) integration test.
2. Fix bad accesses with OS X package BOMs
3. Move spec files from ./osquery/tables/specs to ./specs
4. Remove server parsers (netlib) from client builds.
2015-06-03 10:39:05 -07:00
Mike Arpaia
fff36af0af
Removing trailing whitespace
2015-05-11 23:31:13 -07:00
Teddy Reed
1de7cfb331
Use CMake find_package for python, fix ifaddrs on FreeBSD
2015-05-08 18:49:01 -07:00
Teddy Reed
c7b9114975
Towards building on FreeBSD/ports
2015-05-07 23:12:30 -07:00
Teddy Reed
cdb112eccb
Add a CMake variable for packages
2015-05-04 17:09:09 -07:00
Teddy Reed
c9e07ec2ba
Add launchd_overrides table
2015-04-15 23:19:23 -07:00
Teddy Reed
79ddc5ba38
Remove unused shell functions
2015-03-19 16:14:29 -07:00
Teddy Reed
91dce32095
Speed up shell and add max value size
2015-03-18 15:07:13 -07:00
Teddy Reed
0673900837
Registry modules
2015-03-04 20:33:10 -08:00
Teddy Reed
b9dbcb2545
Fix some tooling regressions
2015-02-25 00:09:43 -08:00
Teddy Reed
f173fb6e0a
Working on sync using new non-macro decisions
2015-02-23 23:15:04 -08:00
Teddy Reed
a29addba61
Extensions integrations testing
2015-02-22 22:56:18 -07:00
Teddy Reed
451ef686ed
Building example extension with SDK
2015-02-18 20:11:00 -08:00
Mike Arpaia
441fd17e58
include the OSQUERY_BUILD_SDK flag when compiling the SDK
2015-02-18 16:13:52 -08:00
mike@arpaia.co
843fe3a302
syncing sdk with codemod and targets
2015-02-18 09:02:04 -08:00
Teddy Reed
1252fa2663
Add more table descriptions for API generation
2015-02-08 18:40:35 -07:00
Teddy Reed
0586b92fa5
GenAPI should output JSON instead of React JS
2015-02-04 21:02:32 -07:00
mike@arpaia.co
137f7d9a43
ignore ds_store on table generation
...
fix for #695
2015-02-02 12:58:37 -08:00
Mike Arpaia
27e2248fa5
Merge pull request #655 from theopolis/tools
...
Add table API changes to genapi, leaks summary view
2015-01-21 13:34:10 -08:00
Teddy Reed
48dfee2af7
Add table API changes to genapi, leaks summary view
2015-01-21 11:50:42 -08:00
Teddy Reed
13884c4bd3
Ignore ',' add support Linux-only categories
2015-01-20 16:04:58 -08:00
Teddy Reed
b7852650c2
SMBIOS structure tables for OSX
2015-01-20 15:06:34 -08:00
Teddy Reed
182cdb713e
Small fix for a make jobserver race in gentable
2015-01-05 18:11:10 -08:00
Teddy Reed
94811f3ee8
Removed 'core' tables as a build dependency
2014-12-25 12:46:59 -08:00
Teddy Reed
e4b60e883a
Variable amalgamation output filename
2014-12-23 21:53:59 -07:00
Teddy Reed
b2dca55539
Build leaner libosquery, allow control over spec/impl
2014-12-23 20:07:12 -08:00
mike@arpaia.co
b9f732c31f
Updating the license comment to be the correct open source header
...
As per t5494224, all of the license headers in osquery needed to be updated
to reflect the correct open source header style.
2014-12-18 10:52:55 -08:00
Teddy Reed
ebd77d47c4
Amalgamate generated tables
2014-12-03 02:02:11 -08:00
Teddy Reed
343cdf8405
Organize /tools
2014-12-02 21:16:24 -08:00