osquery-1/osquery/events
Teddy Reed b81b6de6ae This refactors a bit of config/packs and adds a socket_events table to Linux.
The refactor of config/packs was initiated because event subscribers needed
a method for toggling `::init` based on some configurable option. In the case
of auditd, turning on the support with `--disable_audit=false` used to start
auditing the EXECVE syscall. It was understandable that this would cause
latency based on the number of processes executing per measure of time.

A new `socket_events` table will do the same but for `bind` and `connect`. These
are less obvious and, for now, require a scan of /proc for socket tuples. In the
future this file descriptor to socket tuple will be faster.
2015-10-27 15:13:02 -07:00
benchmarks RocksDB usage speedups 2015-08-15 20:43:53 -07:00
darwin This refactors a bit of config/packs and adds a socket_events table to Linux. 2015-10-27 15:13:02 -07:00
freebsd Added loading of kernel. 2015-07-30 14:36:46 -07:00
kernel changes for integer sign problems 2015-10-17 00:18:35 +00:00
linux This refactors a bit of config/packs and adds a socket_events table to Linux. 2015-10-27 15:13:02 -07:00
tests This refactors a bit of config/packs and adds a socket_events table to Linux. 2015-10-27 15:13:02 -07:00
CMakeLists.txt Add a Linux audit event publisher 2015-09-03 08:45:02 -07:00
events.cpp This refactors a bit of config/packs and adds a socket_events table to Linux. 2015-10-27 15:13:02 -07:00
kernel.cpp [#1506] Silent kext loading messages from syslog 2015-09-16 13:13:56 -07:00
kernel.h Add a Linux audit event publisher 2015-09-03 08:45:02 -07:00