osquery-1/specs
Zachary Wasserman 98cdd3643f Add linux syslog virtual table
This commit adds an event-based virtual table implementation for
querying the Linux syslog. It introduces an event publisher that
attaches to a named pipe to ingest CSV formatted syslog forwarded from
rsyslogd. An event subscriber/virtual table makes these log lines
available for queries. Currently, no additional processing is done on
the input data besides parsing.

Using this table requires a properly configured rsyslogd. Documentation
for this configuration is forthcoming in the wiki.
2016-03-30 13:36:57 -07:00
centos Table results caching 2015-11-14 15:57:23 -08:00
darwin add cdhash, team_identifier, and authority to signature table 2016-03-14 23:19:27 -07:00
linux Add linux syslog virtual table 2016-03-30 13:36:57 -07:00
ubuntu Table results caching 2015-11-14 15:57:23 -08:00
utility Bump sqlite to 3.11.0 2016-02-21 22:40:37 -08:00
acpi_tables.table Move specs to a top-level path, add query examples 2015-06-03 10:39:05 -07:00
arp_cache.table Move specs to a top-level path, add query examples 2015-06-03 10:39:05 -07:00
authorized_keys.table [#1665, #1615] Refactor user-based tables to act uniformly 2015-11-24 12:46:25 -08:00
blacklist TSK integration and example tables 2015-12-04 11:08:51 -08:00
block_devices.table [#1800] Adds uuid and user_uuid columns to the users table and 2016-02-10 13:12:43 -08:00
chrome_extensions.table [#1665, #1615] Refactor user-based tables to act uniformly 2015-11-24 12:46:25 -08:00
cpuid.table Adding description to all the missing table fields 2015-07-15 23:23:42 -07:00
crontab.table Table results caching 2015-11-14 15:57:23 -08:00
device_file.table TSK integration and example tables 2015-12-04 11:08:51 -08:00
device_hash.table Additional TSK tables 2015-12-07 08:36:22 -08:00
device_partitions.table TSK integration and example tables 2015-12-04 11:08:51 -08:00
disk_encryption.table [#1800] Adds uuid and user_uuid columns to the users table and 2016-02-10 13:12:43 -08:00
dns_resolvers.table Add dns_resolvers table 2016-02-08 21:52:23 -08:00
etc_hosts.table Table results caching 2015-11-14 15:57:23 -08:00
etc_protocols.table Table results caching 2015-11-14 15:57:23 -08:00
etc_services.table Table results caching 2015-11-14 15:57:23 -08:00
example.table Move specs to a top-level path, add query examples 2015-06-03 10:39:05 -07:00
file_events.table Preserve atime and mtime by default for readFile 2015-12-11 22:18:45 -08:00
firefox_addons.table [#1665, #1615] Refactor user-based tables to act uniformly 2015-11-24 12:46:25 -08:00
groups.table Move specs to a top-level path, add query examples 2015-06-03 10:39:05 -07:00
hardware_events.table Rewrite OS X hardware events to use IOKit proper 2015-11-21 19:31:05 -08:00
interface_addresses.table Table results caching 2015-11-14 15:57:23 -08:00
interface_details.table Table results caching 2015-11-14 15:57:23 -08:00
kernel_info.table Table results caching 2015-11-14 15:57:23 -08:00
known_hosts.table [#1665, #1615] Refactor user-based tables to act uniformly 2015-11-24 12:46:25 -08:00
last.table Table results caching 2015-11-14 15:57:23 -08:00
listening_ports.table Table results caching 2015-11-14 15:57:23 -08:00
logged_in_users.table Table results caching 2015-11-14 15:57:23 -08:00
magic.table Adding magic table to check for libmagic data 2015-08-28 12:49:46 -07:00
mounts.table Adding description to all the missing table fields 2015-07-15 23:23:42 -07:00
opera_extensions.table [#1665, #1615] Refactor user-based tables to act uniformly 2015-11-24 12:46:25 -08:00
os_version.table Move specs to a top-level path, add query examples 2015-06-03 10:39:05 -07:00
pci_devices.table Rewrite OS X hardware events to use IOKit proper 2015-11-21 19:31:05 -08:00
platform_info.table Add platform_info table for UEFI/ROM details 2015-12-12 01:55:14 -08:00
process_envs.table Move specs to a top-level path, add query examples 2015-06-03 10:39:05 -07:00
process_events.table Add a Linux audit event publisher 2015-09-03 08:45:02 -07:00
process_memory_map.table Adding description to all the missing table fields 2015-07-15 23:23:42 -07:00
process_open_files.table Move specs to a top-level path, add query examples 2015-06-03 10:39:05 -07:00
process_open_sockets.table This refactors a bit of config/packs and adds a socket_events table to Linux. 2015-10-27 15:13:02 -07:00
processes.table Rename processes 'group' to 'pgroup' 2016-03-20 19:35:49 -07:00
routes.table Table results caching 2015-11-14 15:57:23 -08:00
shell_history.table [#1665, #1615] Refactor user-based tables to act uniformly 2015-11-24 12:46:25 -08:00
smbios_tables.table Adding description to all the missing table fields 2015-07-15 23:23:42 -07:00
suid_bin.table Table results caching 2015-11-14 15:57:23 -08:00
system_controls.table Table results caching 2015-11-14 15:57:23 -08:00
system_info.table [#1778] Add hardware/board info for Linux 2016-01-20 10:01:49 -08:00
uptime.table Adding description to all the missing table fields 2015-07-15 23:23:42 -07:00
usb_devices.table Rewrite OS X hardware events to use IOKit proper 2015-11-21 19:31:05 -08:00
user_groups.table Move specs to a top-level path, add query examples 2015-06-03 10:39:05 -07:00
users.table [#1800] Adds uuid and user_uuid columns to the users table and 2016-02-10 13:12:43 -08:00
yara_events.table Add tags and strings columns to YARA tables. 2015-07-27 08:20:24 -04:00
yara.table Bump sqlite to 3.11.0 2016-02-21 22:40:37 -08:00