SQL powered operating system instrumentation, monitoring, and analytics.

osquery

Building on OS X

To build osquery on OS X, all you need installed is pip and brew. make deps will take care of installing the appropriate library dependencies, but I recommend taking a look at the Makefile, just in case you see something that might conflict with your personal setup.

Anything that doesn't have a Homebrew package is built from source from https://github.com/osquery/third-party, a git submodule of this repository that make deps sets up.

The complete installation/build steps are as follows:

git clone git@github.com:facebook/osquery.git
cd osquery
make deps
make

Once the project is built, try running the project's unit tests:

make runtests

Developing on OS X

make deps will take care of installing everything you need to compile osquery, but to properly develop and contribute code, you'll need to install two additional programs:

  • clang-format: we use clang-format to format all code in osquery
  • valgrind: performance is a top priority for osquery, so all code should be thoroughly tested with valgrind

Table Development

Top easy virtual tables

High impact virtual tables

Testing your table for memory leaks

Use valgrind to test your table for memory leaks before you commit it. The osqueryd daemon is a very long-running process, so avoiding memory leaks is critical. The "run" tool is useful for testing a specific query. From the root of the osquery repository, run the following (substitute your table name in the query):

valgrind --tool=memcheck --leak-check=yes --suppressions=osquery.supp ./build/tools/run --query="select * from time;"
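
To turn that manual check into a pass/fail gate before committing, the following added example (not part of the osquery repository) wraps the command above and parses memcheck's LEAK SUMMARY. The function names and the sample log are constructed for illustration; the only valgrind option added to the README's command is --log-file.

```bash
#!/usr/bin/env bash
# Added example (not osquery code): fail when memcheck reports lost memory.

# Constructed sample of a memcheck log tail, for trying the parser offline.
sample_leaky_log() {
  cat <<'EOF'
==4242== LEAK SUMMARY:
==4242==    definitely lost: 1,048 bytes in 2 blocks
==4242==    indirectly lost: 24 bytes in 1 blocks
==4242==      possibly lost: 0 bytes in 0 blocks
==4242==    still reachable: 4,096 bytes in 3 blocks
==4242==         suppressed: 0 bytes in 0 blocks
EOF
}

# leaked_bytes KIND < log: print the total bytes reported for KIND
# (e.g. "definitely lost"). Prints 0 when the log has no such line, which
# is the case when memcheck reports that all heap blocks were freed.
leaked_bytes() {
  awk -v kind="$1" '
    {
      i = index($0, kind ": ")
      if (i == 0) next
      split(substr($0, i + length(kind) + 2), f, " ")
      gsub(/,/, "", f[1])   # memcheck prints thousands separators: 1,048
      total += f[1]
    }
    END { print total + 0 }'
}

# table_is_leak_free LOG: succeed only if nothing is definitely or
# indirectly lost. Ignoring "still reachable" is this example's assumption.
table_is_leak_free() {
  [ "$(leaked_bytes "definitely lost" < "$1")" -eq 0 ] &&
    [ "$(leaked_bytes "indirectly lost" < "$1")" -eq 0 ]
}

# memcheck_table TABLE: the README's valgrind command with --log-file added,
# then the check above. Run from the repository root after `make`.
memcheck_table() {
  log=$(mktemp)
  valgrind --tool=memcheck --leak-check=yes --suppressions=osquery.supp \
    --log-file="$log" ./build/tools/run --query="select * from $1;"
  status=0
  table_is_leak_free "$log" || { status=1; cat "$log" >&2; }
  rm -f "$log"
  return "$status"
}
```

Source the file and run memcheck_table time (or your own table name); a non-zero exit status means memcheck reported lost memory, and the full log is printed to stderr.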