# How To Install Osquery on Ubuntu 20.04

One of Facebook's great inventions in the technology field is osquery. It is a relational database that exposes the whole operating system through structured query language (SQL). It can be installed on Windows, Linux and macOS operating systems. In this guide, we are going to demonstrate how to install, configure and use osquery to monitor your Linux environment. We shall be using Ubuntu 20.04 LTS for this demonstration.

## Prerequisites

Before we can start installing and using osquery, make sure that you have the following:

Follow the steps below to install osquery on Ubuntu 20.04.

### Step 1 – Update system

You might want to reboot your system after the upgrade to make sure that some of the changes have taken effect, e.g. kernel upgrades, which require a system reboot to switch to the latest version.

### Step 2 – Configure osquery repository

Configure the osquery repo on Ubuntu by running the commands below (the keyserver host is not preserved on the page; `<KEYSERVER>` is a placeholder):

```bash
export OSQUERY_KEY=1484120AC4E9F8A1A577AEEE97A80C63C9D8B80B
sudo apt-key adv --keyserver <KEYSERVER> --recv-keys $OSQUERY_KEY
```

Install osquery with the following apt command:

```bash
sudo apt install osquery -y
```

## How to Configure Osquery on Ubuntu 20.04

After a successful installation, you will be required to do some configuration on your system. We need to install rsyslog to collect logs. rsyslog can be installed using the command below:

```bash
sudo apt install rsyslog -y
```

We will then be required to give rsyslog access to system logs. To do that, we edit the file under /etc/rsyslog.d/nf and add the following content:

```bash
sudo vim /etc/rsyslog.d/nf
```

Add the content below to the file. The `template(` block defines the `OsqueryCsvFormat` template and the action line forwards every message (`*.*`) through the `ompipe` output module into the named pipe that osquery reads:

```
template(
*.* action(type="ompipe" Pipe="/var/osquery/syslog_pipe" template="OsqueryCsvFormat")
```

Create a custom osquery configuration file under /etc/osquery/ called nf and add the content below:

```bash
sudo vim /etc/osquery/nf
```

The configuration points osquery at its pidfile, its database and the syslog pipe created above, schedules two queries (system information, and login sessions from the `last` table, where `type=7` marks a user login), adds two queries that tag results with the host UUID and the most recently logged-in user, and loads the osquery-monitoring pack:

```
"pidfile": "/var/osquery/osquery.pidfile",
"database_path": "/var/osquery/osquery.db",
"syslog_pipe_path": "/var/osquery/syslog_pipe",
"query": "SELECT hostname, cpu_brand, physical_memory FROM system_info ",
"query": "SELECT username, time, host FROM last WHERE type=7",
"SELECT uuid AS host_uuid FROM system_info ",
"SELECT user AS username FROM logged_in_users ORDER BY time DESC LIMIT 1 ",
"osquery-monitoring": "/usr/share/osquery/packs/nf"
```

We can now start and enable the osquery service.

Restart the rsyslog service:

```bash
sudo systemctl restart rsyslog
```

You can check and confirm that the osquery service is up and running:

```bash
sudo systemctl status osqueryd
```

If it is running, you should get output similar to the one below:

## How to use Osquery on Linux

In the next steps, we shall demonstrate how to gain access to osquery's interactive shell and get the metrics. You should know that osquery is a relational database that presents system information (and, through the rsyslog pipe configured above, syslog messages) as tables, so users can run queries against them and get the metrics.

To gain interactive shell access to osquery, run the command below:

```bash
$ osqueryi
```

You can get help from the osquery shell by issuing its help command. You might want to list the existing tables to know what to look for and where. The command used in this case is:

```
osquery>
```

Use the command below to get information about the users existing on the server. Some of the expected output from the users table is the username, directory, description, shell assigned, etc.

```
osquery> select * from users;
```

You can filter the specific details you want to extract from the users table; for example, you might only be concerned about the usernames on the server:

```
osquery> select username from users;
```

### Check system information

You can get the details of the system from the system_info table:

```
osquery> select * from system_info;
```

### Get information about your memory

You can get information about your memory, i.e. total memory, current memory consumption and more, from the memory_info table:

```
osquery> select * from memory_info;
```

### Get network statistics for an interface

You can also get the network statistics for the available interfaces from the interface_details table:

```
osquery> select * from interface_details;
```

### Monitor resource utilization

As an administrator, you need to be aware of which services are taking up most of your resources, such as CPU and memory. You can check the top 5 CPU-intensive services by running the query below:

```sql
SELECT pid, uid, name, ROUND((
```
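The configuration section above only preserves single lines of the osquery configuration file. The script below is an added example, not the page's own file: it assembles a complete configuration around those lines using the standard osquery sections (`options`, `schedule`, `decorators`, `packs`) and checks it before it is written out, so a typo in a path or a non-SELECT scheduled query is caught before osqueryd is restarted. The schedule entry names, the intervals, the logger settings and the pack file name are this example's assumptions.

```python
"""Assemble and sanity-check an osquery configuration (added example).

Not the page's own file: builds a complete osquery.conf around the option,
query and pack lines shown in the configuration section. Schedule names,
intervals, logger settings and the pack file name are assumptions.
"""
import json
from typing import Any, Dict, List

# Paths taken from the page's configuration fragments.
PIDFILE = "/var/osquery/osquery.pidfile"
DATABASE_PATH = "/var/osquery/osquery.db"
SYSLOG_PIPE = "/var/osquery/syslog_pipe"
# Assumption: the page's pack path is truncated; this is the pack file
# name shipped with the osquery package.
MONITORING_PACK = "/usr/share/osquery/packs/osquery-monitoring.conf"


def build_config() -> Dict[str, Any]:
    """Return the full configuration as a dict (serialised to JSON on disk)."""
    return {
        "options": {
            "config_plugin": "filesystem",
            "logger_plugin": "filesystem",
            "logger_path": "/var/log/osquery",  # assumed log directory
            "pidfile": PIDFILE,
            "database_path": DATABASE_PATH,
            "enable_syslog": "true",  # read the rsyslog pipe
            "syslog_pipe_path": SYSLOG_PIPE,
            "host_identifier": "hostname",
        },
        "schedule": {
            # Names and intervals (seconds) are assumptions; queries are the page's.
            "system_info": {
                "query": "SELECT hostname, cpu_brand, physical_memory FROM system_info;",
                "interval": 3600,
            },
            "logins": {
                # type=7 is a user login session in the last (utmp/wtmp) table
                "query": "SELECT username, time, host FROM last WHERE type=7;",
                "interval": 360,
            },
        },
        "decorators": {
            # Decorator columns are appended to every scheduled result row.
            "load": [
                "SELECT uuid AS host_uuid FROM system_info;",
                "SELECT user AS username FROM logged_in_users ORDER BY time DESC LIMIT 1;",
            ]
        },
        "packs": {"osquery-monitoring": MONITORING_PACK},
    }


def validate_config(cfg: Dict[str, Any]) -> List[str]:
    """Return a list of problems; an empty list means the config looks sane."""
    problems: List[str] = []
    opts = cfg.get("options", {})
    for key in ("pidfile", "database_path"):
        if not str(opts.get(key, "")).startswith("/"):
            problems.append(f"options.{key} must be an absolute path")
    if opts.get("enable_syslog") == "true" and not str(
        opts.get("syslog_pipe_path", "")
    ).startswith("/"):
        problems.append("enable_syslog is set but syslog_pipe_path is not an absolute path")
    for name, entry in cfg.get("schedule", {}).items():
        query = str(entry.get("query", "")).lstrip().upper()
        if not query.startswith("SELECT"):
            problems.append(f"schedule.{name}: query must be a SELECT statement")
        interval = entry.get("interval")
        if not isinstance(interval, int) or interval <= 0:
            problems.append(f"schedule.{name}: interval must be a positive number of seconds")
    for name, path in cfg.get("packs", {}).items():
        if not str(path).startswith("/"):
            problems.append(f"packs.{name}: pack path must be absolute")
    return problems


def render_config(cfg: Dict[str, Any]) -> str:
    """Serialise the config, refusing to emit one that fails validation."""
    problems = validate_config(cfg)
    if problems:
        raise ValueError("; ".join(problems))
    return json.dumps(cfg, indent=2) + "\n"


if __name__ == "__main__":
    # Writing under /etc/osquery/ needs root; here the result is only printed.
    print(render_config(build_config()))
```

Redirect the printed JSON into the configuration file from the page's `sudo vim` step, then restart osqueryd; osquery also accepts the same file through `osqueryd --config_check` if you want the daemon itself to parse it before it goes live.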
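The interactive `osqueryi` session in the usage section is fine for a quick look; for a recurring health check the same tables are better queried from a script. The example below is added here and is not from the page or the osquery project: it runs each query through `osqueryi --json` (which prints a JSON array of rows with every column as a string) and turns the rows into findings such as memory pressure, interfaces reporting errors and accounts with a login shell that the administrator did not expect. The helper functions are pure, so they are exercised on constructed sample rows when osqueryi is not installed. The top-CPU query is an assumption: it ranks processes by cumulative user+system CPU time from the `processes` table rather than reproducing the page's truncated percentage query.

```python
"""Run osquery checks non-interactively from Python (added example).

Not from the page: runs the page's tables through `osqueryi --json` and
summarises the rows. The top-CPU query is an assumption (cumulative CPU
time, not a percentage). Sample rows below are constructed.
"""
import json
import shutil
import subprocess
from typing import Dict, Iterable, List, Tuple

Row = Dict[str, str]  # osqueryi --json returns every column as a string

QUERIES = {
    "users": "SELECT username, directory, shell FROM users;",
    "memory_info": "SELECT memory_total, memory_available FROM memory_info;",
    "interface_details": "SELECT interface, ierrors, oerrors FROM interface_details;",
    "top_cpu": "SELECT pid, uid, name, user_time, system_time FROM processes "
               "ORDER BY user_time + system_time DESC LIMIT 5;",
}


def parse_rows(json_text: str) -> List[Row]:
    """Validate the shape osqueryi --json emits: a list of row objects."""
    rows = json.loads(json_text)
    if not isinstance(rows, list) or not all(isinstance(r, dict) for r in rows):
        raise ValueError("expected a JSON array of row objects from osqueryi --json")
    return rows


def run_query(sql: str) -> List[Row]:
    """Execute one query with the osqueryi binary installed by the page's steps."""
    proc = subprocess.run(["osqueryi", "--json", sql], check=True,
                          capture_output=True, text=True)
    return parse_rows(proc.stdout)


def memory_used_percent(rows: List[Row]) -> float:
    """Share of RAM not available to new allocations, from memory_info."""
    total = int(rows[0]["memory_total"])
    available = int(rows[0]["memory_available"])
    return round((total - available) * 100 / total, 1)


def interfaces_with_errors(rows: List[Row]) -> List[str]:
    """Interfaces whose receive or transmit error counters are non-zero."""
    return sorted(r["interface"] for r in rows
                  if int(r["ierrors"]) + int(r["oerrors"]) > 0)


def login_capable_users(rows: List[Row], allowlist: Iterable[str]) -> List[str]:
    """Accounts with an interactive shell that are not on the expected list."""
    nologin = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}  # common non-login shells
    allowed = set(allowlist)
    return sorted(r["username"] for r in rows
                  if r["shell"] not in nologin and r["username"] not in allowed)


def top_cpu(rows: List[Row], n: int = 5) -> List[Tuple[str, int]]:
    """(name, user_time + system_time) for the n busiest processes, busiest first."""
    ranked = sorted(rows, key=lambda r: int(r["user_time"]) + int(r["system_time"]),
                    reverse=True)
    return [(r["name"], int(r["user_time"]) + int(r["system_time"])) for r in ranked[:n]]


# Constructed sample output in the exact shape osqueryi --json produces.
SAMPLE = {
    "users": '[{"username":"root","directory":"/root","shell":"/bin/bash"},'
             '{"username":"www-data","directory":"/var/www","shell":"/usr/sbin/nologin"},'
             '{"username":"deploy","directory":"/home/deploy","shell":"/bin/bash"}]',
    "memory_info": '[{"memory_total":"8000000000","memory_available":"2000000000"}]',
    "interface_details": '[{"interface":"lo","ierrors":"0","oerrors":"0"},'
                         '{"interface":"eth0","ierrors":"3","oerrors":"0"}]',
    "top_cpu": '[{"pid":"1","uid":"0","name":"systemd","user_time":"120","system_time":"80"},'
               '{"pid":"42","uid":"1000","name":"python3","user_time":"900","system_time":"100"},'
               '{"pid":"77","uid":"0","name":"sshd","user_time":"10","system_time":"5"}]',
}


def sample_fetch(sql: str) -> List[Row]:
    """Stand-in for run_query that serves the constructed samples."""
    name = next(k for k, q in QUERIES.items() if q == sql)
    return parse_rows(SAMPLE[name])


def collect(fetch=None) -> Dict[str, object]:
    """Run every check, live if osqueryi is on PATH, otherwise on the samples."""
    if fetch is None:
        fetch = run_query if shutil.which("osqueryi") else sample_fetch
    return {
        "memory_used_percent": memory_used_percent(fetch(QUERIES["memory_info"])),
        "interfaces_with_errors": interfaces_with_errors(fetch(QUERIES["interface_details"])),
        "unexpected_login_users": login_capable_users(fetch(QUERIES["users"]), {"root"}),
        "top_cpu": top_cpu(fetch(QUERIES["top_cpu"])),
    }


if __name__ == "__main__":
    for key, value in collect().items():
        print(f"{key}: {value}")
```

Run it as root (or via sudo) on the host where the page's installation steps were followed; some tables return fewer rows for an unprivileged user, and the allowlist passed to `login_capable_users` should be the accounts you actually expect to have a shell on that server.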