Skip to Content

From the Virtyx Blog

Osquery Snapshots Arrive in Virtyx

By Ben Burwell • October 22, 2018

We love Osquery here at Virtyx. It’s an open-source project created by Facebook that exposes thousands of machine parameters as a virtual SQL database that can be queried. For example, you might be interested in knowing what users can log into a system. With Osquery, you can quickly find out:

osquery> select uid, username, shell
    ...> from users
    ...> where shell != '/usr/bin/false';
+-----+--------------+------------------+
| uid | username     | shell            |
+-----+--------------+------------------+
| 0   | root         | /bin/sh          |
| 4   | _uucp        | /usr/sbin/uucico |
| 501 | ben          | /bin/zsh         |
+-----+--------------+------------------+

Using a standard SQL interface brings several benefits. First, it’s a query language that many developers, sysadmins, and IT personnel are already familiar with. Second, it provides a way to present lots of different types of data in a consistent way. Finally, it’s an extremely powerful abstraction enabling people to ask detailed, ad-hoc questions about the infrastructure they’re responsible for keeping available, performant, and secure.

Osquery has a built-in mechanism to run queries periodically and report their results to a central endpoint for analysis. This is extremely helpful for keeping an eye on system parameters over time and sending alerts when things change unexpectedly, but it also exposes one of the challenges of monitoring more broadly: it can be hard to predict ahead of time what information will be useful in a diagnostic context. When an incident arises, even with great monitoring tools in place, we often find that there are metrics that would be helpful in our diagnosis that we didn’t anticipate and thus aren’t available.

To fill this need, we’ve developed a powerful feature on top of Osquery that enables something like time travel debugging for custom queries. Every hour, the Virtyx agent takes a “snapshot” of Osquery’s virtual database and uploads it to the Virtyx cloud. This means that when you write a custom query, you can understand how its results have changed over time without having to plan ahead or wait for data to be collected, you can retrospectively run custom queries on any snapshot.

Starting today, when you use Osquery in Virtyx, you’ll automatically get the power of snapshots and with them, the peace of mind that you will be able to quickly get the answers you need to diagnose problems when they arise.


Come join our team - we're hiring!

Get Started for Free
Read More

By Ben Burwell • October 19, 2018

By Jim Maniscalco • September 27, 2018

By Ethan Mick • September 20, 2018

By Jim Maniscalco • September 14, 2018

By Ben Burwell • September 13, 2018

Start using Virtyx today.

If you manage computers or servers, Virtyx can make your life easier.