So I discovered this really cool project called OSQuery by Facebook. It exposes an operating system as a high-performance relational database. This means you can get information about your system via SQL-like queries which is awesome.
If you have ever tried to build a system monitoring tool, for instance one that has to crunch system metrics, you know how hard it is to parse that information. You end up with a number of bash scripts that rely heavily on text-processing tools like grep, awk or sed to extract the right fields.
For instance, consider this bash one-liner, which prints the interface IP addresses:
ifconfig | awk -F "[: ]+" '/inet addr:/ { if ($4 != "127.0.0.1") print $4 }'
192.168.100.171
10.0.3.1
192.168.0.101
Now imagine you could achieve the same by simply entering:
select * from interface_addresses;
Wow, how convenient.
The following are some of the other examples of queries you can run with OSQuery.
#Get your system info
osquery> select * from system_info;
hostname = daverig.oquidave.loc
uuid = c2dea581-1443-43e2-b3dd-06ef4147c95c
cpu_type = 6
cpu_subtype = 69
cpu_brand = Intel(R) Core(TM) i3-4030U CPU @ 1.90GHz
cpu_physical_cores = 4
cpu_logical_cores = 4
physical_memory = 8257159168
hardware_vendor =
hardware_model =
hardware_version =
hardware_serial =
computer_name = daverig.oquidave.loc
#Get all users
osquery> select * from users;
uid = 0
gid = 0
uid_signed = 0
gid_signed = 0
username = root
description = root
directory = /root
shell = /bin/bash
uuid =
uid = 1
gid = 1
uid_signed = 1
gid_signed = 1
username = daemon
description = daemon
directory = /usr/sbin
shell = /usr/sbin/nologin
uuid =
#Get USB devices
osquery> select * from usb_devices;
usb_address = 2
usb_port = 1
vendor = Linux Foundation
vendor_id = 1d6b
model = 2.0 root hub
model_id = 0002
serial = 0000:00:14.0
removable = -1
usb_address = 2
usb_port =
vendor = Foxconn / Hon Hai
vendor_id = 0489
model =
model_id = e078
serial =
removable = -1
#Get ip routes
osquery> select * from routes;
destination = 0.0.0.0
netmask = 0
gateway = 192.168.0.1
source =
flags = 0
interface = wlan0
mtu = 0
metric = 600
type = gateway
destination = 10.0.3.0
netmask = 24
gateway =
source = 10.0.3.1
flags = 0
interface = lxcbr0
mtu = 0
metric = 0
type = gateway
#Get name servers
osquery> select * from dns_resolvers;
id = 0
type = nameserver
address = 127.0.1.1
netmask = 32
options = 524993
id = 0
type = search
address = oquidave.loc
netmask =
options = 524993
#Interfaces
osquery> select * from interface_addresses;
interface = lo
address = 127.0.0.1
mask = 255.0.0.0
broadcast =
point_to_point = 127.0.0.1
interface = eth0
address = 192.168.100.171
mask = 255.255.255.0
broadcast = 192.168.100.255
point_to_point =
osquery> select address, mask from interface_addresses where interface = 'wlan0';
address = 192.168.0.101
mask = 255.255.255.0
While OSQuery seems to be in its early stages, I can definitely see its promise to admins and devs who want to write system monitoring tools.
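The comparison with the awk one-liner above, carried one step further as an added example that is not part of the original post or of the osquery project. osquery evaluates queries with SQLite, so the same SQL is run here against a stand-in in-memory SQLite database; the rows are constructed from the sample output in this post (plus one constructed IPv6 loopback row), and `build_db` and `run` are hypothetical helper names.

```python
import sqlite3

# Stand-in for osquery's tables: an in-memory SQLite database with constructed
# rows modelled on this post's output. Only the columns the queries use exist.
def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE interface_addresses (interface TEXT, address TEXT, mask TEXT);
        CREATE TABLE routes (destination TEXT, netmask INTEGER, gateway TEXT,
                             interface TEXT, metric INTEGER);
        CREATE TABLE users (uid INTEGER, username TEXT, shell TEXT);
    """)
    db.executemany("INSERT INTO interface_addresses VALUES (?, ?, ?)", [
        ("lo", "127.0.0.1", "255.0.0.0"),
        ("lo", "::1", "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"),  # constructed
        ("eth0", "192.168.100.171", "255.255.255.0"),
        ("lxcbr0", "10.0.3.1", "255.255.255.0"),
        ("wlan0", "192.168.0.101", "255.255.255.0"),
    ])
    db.executemany("INSERT INTO routes VALUES (?, ?, ?, ?, ?)", [
        ("0.0.0.0", 0, "192.168.0.1", "wlan0", 600),
        ("10.0.3.0", 24, "", "lxcbr0", 0),
    ])
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(0, "root", "/bin/bash"), (1, "daemon", "/usr/sbin/nologin")])
    return db

# Same result as the ifconfig | awk one-liner: non-loopback IPv4 addresses only.
NON_LOOPBACK = """
    SELECT address FROM interface_addresses
    WHERE address != '127.0.0.1' AND address NOT LIKE '%:%' ORDER BY interface"""

# A join that text tools make awkward: the local address default-route traffic uses.
DEFAULT_ROUTE = """
    SELECT r.interface, a.address, r.gateway
    FROM routes r JOIN interface_addresses a ON a.interface = r.interface
    WHERE r.destination = '0.0.0.0' ORDER BY r.metric"""

# Accounts whose shell allows an interactive login, a common audit question.
LOGIN_USERS = """
    SELECT username, shell FROM users
    WHERE shell NOT LIKE '%nologin' AND shell NOT LIKE '%/false'"""

def run(sql, db=None):
    return (db or build_db()).execute(sql).fetchall()

if __name__ == "__main__":
    for query in (NON_LOOPBACK, DEFAULT_ROUTE, LOGIN_USERS):
        print(run(query))
```

The three query strings use only columns that appear in the output above, so they can be pasted into the osquery shell as they are.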