0

我正在使用 OSQUERY,我想将 osquery 的结果作为 excel 或 csv 保存到特定文件中。

我正在尝试以下但没有得到我想要的

$ osqueryi --json 'select * from osquery_info' > res.json

$ 猫 res.json

{"build_distro":"10.12","build_platform":"darwin","config_hash":"e7c68185a7252c23585d53d04ecefb77b3ebf99c","config_valid":"1","extensions":"inactive","instance_id":"38201952-9a75- 41dc-b2f8-188c2119cda1","pid":"26255","start_time":"1552676034","uuid":"4740D59F-699E-5B29-960B-979AAF9BBEEB","version":"3.3.0","观察者":"-1"} ]

当我触发以下查询时

osquery> select * from time;
+---------+------+-------+-----+------+---------+---------+----------+------------+----------------+------------+------------------------------+----------------------+----------------------+--------------------+
| weekday | year | month | day | hour | minutes | seconds | timezone | local_time | local_timezone | unix_time  | timestamp                    | datetime             | iso_8601             | win_timestamp      |
+---------+------+-------+-----+------+---------+---------+----------+------------+----------------+------------+------------------------------+----------------------+----------------------+--------------------+
| Friday  | 2019 | 8     | 23  | 12   | 24      | 45      | UTC      | 1566563085 | UTC            | 1566563085 | Fri Aug 23 12:24:45 2019 UTC | 2019-08-23T12:24:45Z | 2019-08-23T12:24:45Z | 132110366857557098 |
+---------+------+-------+-----+------+---------+---------+----------+------------+----------------+------------+------------------------------+----------------------+----------------------+--------------------+
osquery>

我想将此输出保存到 excel 或 csv 中。

4

1 回答 1

1

osqueryi记录一个--csv标志。这样做是你想要的吗?(--json输出 json。)

根据您所做的事情,许多人将 osquery 用作带有预定查询的守护程序(或服务)。

于 2019-08-23T13:10:34.087 回答