
Osquery linux

Typically, you install software through a package manager such as APT by issuing a command like apt-get install. Let's imagine we have an Ubuntu 14.04 machine onto which we'd like to install OSQuery. There is no prebuilt package to fetch: you build one yourself inside a VM and then distribute it, so the installation process is somewhat convoluted if you've never used VMs. Let's break it down.


If you’re not familiar with Vagrant, and you really should be, see our posts on the topic here.


OSQuery provides a default Vagrant configuration for building the package that you then distribute to every other machine you want it installed on. The documentation is very good, so getting comfortable with every aspect of OSQuery is a matter of dedicating an afternoon to it.

The software is installed via (currently) self-built packages for all supported operating systems, and ships with two binaries: osqueryi, an interactive console for trying out queries, and osqueryd, a daemon that runs scheduled queries at a regular interval and logs the results, so that data can be aggregated across monitored machines.

The team adds new tables regularly, so even if you don't feel like contributing but still want a table that is missing, there is a good chance it will appear if you give it some time. It's fully open source, and there is a guide on creating your own tables in case you need one that doesn't exist yet.

OSQuery runs on CentOS, Ubuntu, and OS X, which covers your production servers, your development machine, and any other machine you have access to, like your children's or your employees', allowing you to monitor the OS state of your entire ecosystem.

If you have ever been unable to start Apache because its port was already taken, and had to grep the process list only to find a dead instance of Skype hogging port 80, you'll appreciate the simplicity of OSQuery. In a nutshell, OSQuery pretends to be a relational database and exposes a set of "tables" (in quotes because they are not stored tables like the ones you're used to in, say, MySQL; each one is generated on demand from OS data at query time) that make operating-system state queryable with SQL statements, including joins and the rest of the language. I won't regurgitate their announcement post; for implementation details, see there.
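As an added example (not taken from the original post or from the osquery project), here is the "what is hogging my port" hunt expressed as an osquery query. It uses two tables osquery ships with, `listening_ports` and `processes`, joined on `pid`, and optionally `users` joined on `uid` to see who owns the process. The port number 80 is an assumed value matching the Apache anecdote above; swap it for whatever port you are fighting over.

```sql
-- Added example: find which process holds a port, using osquery's
-- listening_ports, processes and users tables.
-- Port 80 is an assumed value matching the Apache anecdote above.

-- 1. Who is listening on port 80? Join each listening socket to its owning process.
SELECT
  lp.port,
  lp.protocol,         -- 6 = TCP, 17 = UDP
  lp.address,          -- bound address, e.g. 0.0.0.0 or ::
  p.pid,
  p.name,
  p.path,
  p.cmdline,
  p.parent             -- parent pid, handy for spotting a stale child of a dead app
FROM listening_ports AS lp
JOIN processes AS p USING (pid)
WHERE lp.port = 80;

-- 2. The general version: every listening socket, its process and the owning user,
--    sorted by port. LEFT JOIN keeps processes whose uid has no users row.
SELECT
  lp.port,
  lp.protocol,
  lp.address,
  p.pid,
  p.name,
  p.path,
  u.username
FROM listening_ports AS lp
JOIN processes AS p USING (pid)
LEFT JOIN users AS u ON u.uid = p.uid
WHERE lp.port > 0
ORDER BY lp.port;
```

Paste either query into osqueryi to run it once; `.schema listening_ports` in the osqueryi shell shows the exact columns your build exposes, which is worth checking before relying on a column name. The second query is the kind you would put in osqueryd's schedule (the `schedule` section of its config file, each entry carrying a `query` and an `interval` in seconds) so that a new or unexpected listener shows up in the logs the next time the query runs, rather than only when Apache refuses to start.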
