Commit Graph

48 Commits

Author SHA1 Message Date
Teddy Reed
947799d28e Introduce within-query caching (#2077)
This adds a new optimization feature that allows expensive tables to cache
their results between JOINs. Consider JOINing a list of open sockets, for each
process, then requesting to hash each process path. This query may hash
the same path multiple times.

Within-query caching allows the hash table to respond with the previous
result of the hash request as long as the requested computation was the result
of a single query. Subsequent queries will perform subsequent hashing.
2016-05-09 10:32:33 -07:00
Teddy Reed
192953bcd3 [Fix #2030] Add generate_foreign and --enable_foreign (#2034) 2016-04-11 09:33:45 -07:00
Baraa Hamodi
21c2237eca [osquery] Update copyright headers to new format. 2016-02-11 11:48:58 -08:00
pathcl
6c8cc20117 PEP8 Compliance && Python 3.X compatibility
Signed-off-by: Teddy Reed
Merge-conflicts-by: Teddy Reed

Closes: #1586
2015-12-06 20:57:30 -08:00
Teddy Reed
ffb5b7020e [Fix #1693, #1527] Add osquery-specific query planner output 2015-12-02 19:57:24 -08:00
Teddy Reed
e1d7511600 Remove column type string representations 2015-11-14 15:57:30 -08:00
Teddy Reed
c2be670806 Table results caching
1. Table implementations (spec files) can mark the table as 'cachable'.
2. Cached results depend on the shortest/quickest interval of scheduled
queries that act on results of the table.
3. The table API generator blocks caching on index/additional/required
table column options.
2015-11-14 15:57:23 -08:00
Robert C. Seacord
1d9695ac31 eliminated some warnings from Clang 3.7 analyze mode 2015-10-21 06:02:58 +00:00
Teddy Reed
1c12d274f4 Minor fix, return an empty query data 2015-10-13 09:25:10 -07:00
Teddy Reed
0440bb970f Fix test_5_daemon_sigint, and hardware_events tests 2015-10-13 08:40:23 -07:00
Teddy Reed
67b0f51ab5 Several small optimizations around internal SQL queries 2015-08-03 07:56:55 -07:00
Javier Marcos
7241becda1 Fix tables JSON file name 2015-07-16 13:38:31 -07:00
Javier Marcos
84e0c77a98 Generation of table docs with packages and docs targets 2015-07-16 12:23:44 -07:00
Javier Marcos
ba69bf8efa Adding support to generate documentation to external files 2015-07-15 13:18:41 -07:00
Teddy Reed
f48619ed28 [#1285, #1276] Faster, optimized subscriber results 2015-07-07 00:59:28 -07:00
Teddy Reed
0d6ab16281 Yara events was not building 2015-06-29 14:45:31 -07:00
Teddy Reed
37188f788b Fixups in tables, add DOUBLE, shell extensions 2015-06-22 04:17:23 -04:00
Teddy Reed
727f5b091f Various table perf improvements and TLS docs 2015-06-05 22:03:15 -07:00
Teddy Reed
e244883ea4 [#1190] Schedule queries without logging removed results 2015-06-04 13:53:55 -07:00
Teddy Reed
a105924804 Move specs to a top-level path, add query examples
1. Example queries will run with an (optional) integration test.
2. Fix bad accesses with OS X package BOMs
3. Move spec files from ./osquery/tables/specs to ./specs
4. Remove server parsers (netlib) from client builds.
2015-06-03 10:39:05 -07:00
Mike Arpaia
fff36af0af Removing trailing whitespace 2015-05-11 23:31:13 -07:00
Teddy Reed
1de7cfb331 Use CMake find_package for python, fix ifaddrs on FreeBSD 2015-05-08 18:49:01 -07:00
Teddy Reed
c7b9114975 Towards building on FreeBSD/ports 2015-05-07 23:12:30 -07:00
Teddy Reed
cdb112eccb Add a CMake variable for packages 2015-05-04 17:09:09 -07:00
Teddy Reed
c9e07ec2ba Add launchd_overrides table 2015-04-15 23:19:23 -07:00
Teddy Reed
79ddc5ba38 Remove unused shell functions 2015-03-19 16:14:29 -07:00
Teddy Reed
91dce32095 Speed up shell and add max value size 2015-03-18 15:07:13 -07:00
Teddy Reed
0673900837 Registry modules 2015-03-04 20:33:10 -08:00
Teddy Reed
b9dbcb2545 Fix some tooling regressions 2015-02-25 00:09:43 -08:00
Teddy Reed
f173fb6e0a Working on sync using new non-macro decisions 2015-02-23 23:15:04 -08:00
Teddy Reed
a29addba61 Extensions integrations testing 2015-02-22 22:56:18 -07:00
Teddy Reed
451ef686ed Building example extension with SDK 2015-02-18 20:11:00 -08:00
Mike Arpaia
441fd17e58 include the OSQUERY_BUILD_SDK flag when compiling the SDK 2015-02-18 16:13:52 -08:00
mike@arpaia.co
843fe3a302 syncing sdk with codemod and targets 2015-02-18 09:02:04 -08:00
Teddy Reed
1252fa2663 Add more table descriptions for API generation 2015-02-08 18:40:35 -07:00
Teddy Reed
0586b92fa5 GenAPI should output JSON instead of React JS 2015-02-04 21:02:32 -07:00
mike@arpaia.co
137f7d9a43 ignore ds_store on table generation
fix for #695
2015-02-02 12:58:37 -08:00
Mike Arpaia
27e2248fa5 Merge pull request #655 from theopolis/tools
Add table API changes to genapi, leaks summary view
2015-01-21 13:34:10 -08:00
Teddy Reed
48dfee2af7 Add table API changes to genapi, leaks summary view 2015-01-21 11:50:42 -08:00
Teddy Reed
13884c4bd3 Ignore ',' add support Linux-only categories 2015-01-20 16:04:58 -08:00
Teddy Reed
b7852650c2 SMBIOS structure tables for OSX 2015-01-20 15:06:34 -08:00
Teddy Reed
182cdb713e Small fix for a make jobserver race in gentable 2015-01-05 18:11:10 -08:00
Teddy Reed
94811f3ee8 Removed 'core' tables as a build dependency 2014-12-25 12:46:59 -08:00
Teddy Reed
e4b60e883a Variable amalgamation output filename 2014-12-23 21:53:59 -07:00
Teddy Reed
b2dca55539 Build leaner libosquery, allow control over spec/impl 2014-12-23 20:07:12 -08:00
mike@arpaia.co
b9f732c31f Updating the license comment to be the correct open source header
As per t5494224, all of the license headers in osquery needed to be updated
to reflect the correct open source header style.
2014-12-18 10:52:55 -08:00
Teddy Reed
ebd77d47c4 Amalgamate generated tables 2014-12-03 02:02:11 -08:00
Teddy Reed
343cdf8405 Organize /tools 2014-12-02 21:16:24 -08:00