What is osquery?

With osquery, you can use SQL to query low-level operating system information. Under the hood, instead of querying static tables, these queries dynamically execute high-performance native code. The results of the SQL query are transparently returned to you quickly and easily.

Consider the following example, which uses osqueryi, the interactive query console, to execute a few SQL queries.

Install osquery

Installing osquery is easy. We maintain install guides for OS X and Linux on the wiki.

Who uses it?

Facebook uses osquery to gain insight into OS X and Linux hosts. Other notable companies also use osquery because of how easy it is to deploy osquery and the advanced insight into their infrastructure that osquery can offer them

“osquery is simple, lightweight and was very easy to integrate with the other tools we use. The deamon is easy to configure and the deployment process has been really easy.” - Bryan Eastes / Yelp