mirror of
https://github.com/valitydev/osquery-1.git
synced 2024-11-07 09:58:54 +00:00
53 lines
3.6 KiB
Plaintext
53 lines
3.6 KiB
Plaintext
table_name("interface_details")
|
|
description("Detailed information and stats of network interfaces.")
|
|
schema([
|
|
Column("interface", TEXT, "Interface name"),
|
|
Column("mac", TEXT, "MAC of interface (optional)"),
|
|
Column("type", INTEGER, "Interface type (includes virtual)"),
|
|
Column("mtu", INTEGER, "Network MTU"),
|
|
Column("metric", INTEGER, "Metric based on the speed of the interface"),
|
|
Column("flags", INTEGER, "Flags (netdevice) for the device"),
|
|
Column("ipackets", BIGINT, "Input packets"),
|
|
Column("opackets", BIGINT, "Output packets"),
|
|
Column("ibytes", BIGINT, "Input bytes"),
|
|
Column("obytes", BIGINT, "Output bytes"),
|
|
Column("ierrors", BIGINT, "Input errors"),
|
|
Column("oerrors", BIGINT, "Output errors"),
|
|
Column("idrops", BIGINT, "Input drops"),
|
|
Column("odrops", BIGINT, "Output drops"),
|
|
Column("collisions", BIGINT, "Packet Collisions detected"),
|
|
Column("last_change", BIGINT, "Time of last device modification (optional)"),
|
|
])
|
|
|
|
extended_schema(LINUX, [
|
|
Column("link_speed", BIGINT, "Interface speed in Mb/s"),
|
|
Column("pci_slot", TEXT, "PCI slot number"),
|
|
])
|
|
|
|
extended_schema(WINDOWS, [
|
|
Column("friendly_name", TEXT, "The friendly display name of the interface."),
|
|
Column("description", TEXT, "Short description of the object—a one-line string."),
|
|
Column("manufacturer", TEXT, "Name of the network adapter's manufacturer."),
|
|
Column("connection_id", TEXT, "Name of the network connection as it appears in the Network Connections Control Panel program."),
|
|
Column("connection_status", TEXT, "State of the network adapter connection to the network."),
|
|
Column("enabled", INTEGER, "Indicates whether the adapter is enabled or not."),
|
|
Column("physical_adapter", INTEGER, "Indicates whether the adapter is a physical or a logical adapter."),
|
|
Column("speed", INTEGER, "Estimate of the current bandwidth in bits per second."),
|
|
Column("service", TEXT, "The name of the service the network adapter uses."),
|
|
Column("dhcp_enabled", INTEGER, "If TRUE, the dynamic host configuration protocol (DHCP) server automatically assigns an IP address to the computer system when establishing a network connection."),
|
|
Column("dhcp_lease_expires", TEXT, "Expiration date and time for a leased IP address that was assigned to the computer by the dynamic host configuration protocol (DHCP) server."),
|
|
Column("dhcp_lease_obtained", TEXT, "Date and time the lease was obtained for the IP address assigned to the computer by the dynamic host configuration protocol (DHCP) server."),
|
|
Column("dhcp_server", TEXT, "IP address of the dynamic host configuration protocol (DHCP) server."),
|
|
Column("dns_domain", TEXT, "Organization name followed by a period and an extension that indicates the type of organization, such as 'microsoft.com'."),
|
|
Column("dns_domain_suffix_search_order", TEXT, "Array of DNS domain suffixes to be appended to the end of host names during name resolution."),
|
|
Column("dns_host_name", TEXT, "Host name used to identify the local computer for authentication by some utilities."),
|
|
Column("dns_server_search_order", TEXT, "Array of server IP addresses to be used in querying for DNS servers."),
|
|
])
|
|
attributes(cacheable=True)
|
|
implementation("interfaces@genInterfaceDetails")
|
|
examples([
|
|
"select interface, mac, type, idrops as input_drops from interface_details;",
|
|
"select interface, mac, type, flags, (1<<8) as promisc_flag from interface_details where (flags & promisc_flag) > 0;",
|
|
"select interface, mac, type, flags, (1<<3) as loopback_flag from interface_details where (flags & loopback_flag) > 0;",
|
|
])
|