Only the osquery SDK provides the simple startExtension symbol that manages the life of your process, including the Thrift service threads and a watchdog. Extensions are commonly written in C++, but can also be developed in Python, in Go, or in really any language that supports Thrift. Įxtensions use osquery's Thrift API to communicate between osqueryi or osqueryd and the extension process. Your extension will be version-compatible with our publicly-built binary packages on. An extension allows you to develop independently: it may be compiled and linked using an external build system, against proprietary code. ExtensionsĮxtensions are separate processes that communicate over a Thrift IPC channel to osquery core in order to register one or more plugins or virtual tables.
#Initializing external capture plugins install#
To generate web-based documentation, you will need to install doxygen, run make docs from the repository root, then open. The public API and SDK headers are documented via doxygen.
#Initializing external capture plugins code#
This organization better isolates OS API dependencies from development tools and libraries and provides a logical separation between code needed for extensions and module compiling. This SDK can be used to build osquery outside of our CMake build system with a minimum set of dependencies. We call the set of public headers implementing core the 'osquery SDK'. Osquery is organized into a core, additional, and testing during a default build from source. The public headers can be found in /osquery/osquery/sdk/. The core code can be thought of as the framework or platform, it is everything except for the SQLite code and most table implementations. The osquery "public API" or SDK is the set of osquery headers and a subset of the source "cpp" files implementing what we call osquery core.
0 kommentar(er)
