osquery / osquery

SQL powered operating system instrumentation, monitoring, and analytics.
https://osquery.io

JDBC driver for osquery #1927

Closed sumkincpp closed 7 years ago

sumkincpp commented 8 years ago

Hi all,

It would be great to have a JDBC driver for osquery. As a result, it would be possible to smoothly integrate osquery with other solutions, as well as centralize data collection.

Or maybe there should be a centralized "database" with a JDBC accessor which would be a proxy to a discovered cluster of osquery machines.

Any thoughts?

theopolis commented 8 years ago

Hi @sumkincpp, there was some talk a while back in #764. I'm not sure if a JDBC connector/driver makes the most sense-- but it certainly depends on how you want to use or integrate osquery's table data. Do you have any use cases / projects in mind?

sumkincpp commented 8 years ago

osquery could be integrated very well with some of the Network Monitoring Systems which use a JDBC SQL Collector approach as the source for monitoring data (i.e. I may provide an example off-list). The Thrift-based service query endpoint is good, but it is something that needs a custom Collector written specifically for the osquery Thrift interface.

What about the idea of adding an osquery service discovery mechanism, so it would be possible to proxy queries to exact devices in the network through a "management gateway"?

Also, there was some recent news about the OCP initiative within Google & Facebook, where a good idea was mentioned for the development of a new transport mechanism for device inventory querying, in other words, replacing the legacy SNMP approach. I think osquery fits this idea very nicely, as all that is left is a protocol development task.

And finally, the SNMP approach is still here, widely deployed and used. So, as osquery data lives in tables, it is also possible (and may be very useful) to extend net-snmp with a dynamic MIB model based on the osquery tables currently used on the host machine which is running osquery.

Sorry for the many ideas, I just wanted to share my thoughts about osquery.

theopolis commented 7 years ago

There hasn't been any movement on this for a while. I'm going to close the issue, feel free to reopen if anyone wants/needs these features.

igor-suhorukov commented 4 years ago

@sumkincpp I try to solve the JDBC access issue by leveraging QuestDB as a PostgreSQL protocol emulator and a custom osquery function for it

C2BB commented 3 years ago

> @sumkincpp I try to solve the JDBC access issue by leveraging QuestDB as a PostgreSQL protocol emulator and a custom osquery function for it

Did you have any success with this approach?