Oh, ALL RIGHT, says Facebook, we'll let Windows admins run osquery

Two years after it first arrived for Linux and OS X, Facebook's "osquery" developer kit is now available for Windows. Osquery is designed to let sysadmins check out system and process information by issuing SQL queries, rather than (for example) having to watch syslogs. An example (drawn from the GitHub repo) is the kind of …

  1. Brian Miller Silver badge

    BOFH moment ...

    And when is this going to be featured in an upcoming BOFH column? Mmmmm???

  2. Ben Liddicott

    So like WMIC then?

    Ships with windows since 2002.

    > wmic process where "Name='explorer.exe'" get Name,ProcessID,ParentProcessID,ExecutablePath,CommandLine

    > wmic process where "processID=9112" call terminate

    > wmic process where "processID=9112" call AttachDebugger

    1. Adam Foxton

      Re: So like WMIC then?

      Yes, but we're not allowed to say "Windows had it first", "Windows does it better" or "It's easier on Windows, you just don't know enough to make an informed judgement". That goes against the current IT Orthodoxy that the One Great Penguin is the way to truth.

    2. LDS Silver badge

      Re: So like WMIC then?

      And SQL for WMI...

      which is based on the CIM standard

  3. Doctor Syntax Silver badge

    'Yes, but we're not allowed to say "Windows had it first"'

    It probably didn't. ISTR reading of this sort of functionality years ago. One option was to add extensions to existing database engines but I think there've been specific Unix-based products. Unix-based products probably never caught on because it would have been cheaper to knock up a few scripts with existing Unix tools than to buy something in.

  4. Ayobami

    I am looking for an SQL connection

  5. Lord_Beavis

    Yes but...

    Can we use it to change Mark Suckerberg's name to Mark'); DROP TABLE users;-- ?

  6. razorfishsl Silver badge

    And the network load over a WAN of tens of computers dumping short-running process information into a database?

