Building with CMake Linux macOS Windows 10 Testing Building with Buck Linux (Buck) macOS (Buck) FreeBSD (Buck) Windows 10 (Buck) Building and Testing Using Vagrant AWS-E...

Getting Started High Level Features Getting Help Documentation osquery is an operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD. The tool...

Package Installation Post installation steps Removing osquery Running osquery Continuous integration currently tests stable release versions of osquery against macOS 10.14 (as...

Extensions Using the example extension Building external extensions Bundling multiple extensions into a single-executable extension Thrift API Extension API Extension Manager ...

Aggregating logs Logstash Splunk Fluentd Rsyslog Analyzing logs Kibana Splunk Rsyslog, Fluentd, Scribe, etc. osquery is designed to work with any environment's existing d...

Installing with Chocolatey Installing osquery via the MSI package Installing Manually Running osquery Managing the daemon service Packaging osquery Enabling Windows Event Log...

YARA Configuration yara_events table On-demand YARA scanning There are two YARA related tables in osquery, which serve very different purposes. The first table, called yara_eve...

New Table Walkthrough Using where clauses SQL data types Building new tables Testing your table Getting your query ready for use in osqueryd SQL tables are used to represent...

Extensions Binary Permissions Autoloading Extensions Manually Loading Extensions More Options Troubleshooting osquery supports proprietary tables, config plugins, and logger ...

How do I add a command line flag/option/argument to osquery? Well, first familiarize yourself with gflags, then take note of the wrapper below. include/osquery/flags.h contains ...