
Osquery not giving JSON or CSV output on Windows

I have tried these, but cannot get CSV or JSON output.

osquery> --csv select * from time;
osquery> --json select * from time;
osquery> --csv 'select * from time';
osquery> select * from time --CSV;
osquery> 'select * from time' --CSV;

1 Answer


It looks like you have started osqueryi in shell mode, so it is not parsing the flags you are trying to pass.

What you are probably looking for is (from your cmd.exe shell):

C:\Program Files\osquery>osqueryi.exe --json "select * from time"
[
  {"datetime":"2020-07-15T16:02:33Z","day":"15","hour":"16","iso_8601":"2020-07-15T16:02:33Z","local_time":"1594828953","local_timezone":"PDT","minutes":"2","month":"7","seconds":"33","timestamp":"Wed Jul 15 16:02:33 2020 UTC","timezone":"UTC","unix_time":"1594828953","weekday":"Wednesday","year":"2020"}
]
$ osqueryi --csv 'select * from time'
weekday|year|month|day|hour|minutes|seconds|timezone|local_time|local_timezone|unix_time|timestamp|datetime|iso_8601
Wednesday|2020|7|15|16|2|37|UTC|1594828957|PDT|1594828957|"Wed Jul 15 16:02:37 2020 UTC"|2020-07-15T16:02:37Z|2020-07-15T16:02:37Z

Your other option is to set the "output mode" inside the osqueryi shell:

$ osqueryi.exe
Using a virtual database. Need help, type '.help'
osquery> .mode csv
osquery> select * from time;
weekday,year,month,day,hour,minutes,seconds,timezone,local_time,local_timezone,unix_time,timestamp,datetime,iso_8601
Wednesday,2020,7,15,16,4,33,UTC,1594829073,PDT,1594829073,"Wed Jul 15 16:04:33 2020 UTC",2020-07-15T16:04:33Z,2020-07-15T16:04:33Z
osquery>

I don't know why, but the .mode command does not support JSON as a format.

answered 2020-07-15T16:05:41.337
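As an added example (not part of the question or the answer above, and not osquery's own code), here is a small Python script that drives osqueryi the way the answer recommends: the output-format switch is passed as a process argument before the query rather than typed at the osquery> prompt, and the two output shapes the answer shows are parsed into row dictionaries. The --csv flag produces pipe-delimited rows with double quotes around fields that contain spaces, while .mode csv in the shell produces comma-delimited rows, so the parser takes the delimiter as a parameter. The binary lookup via shutil.which, the OSQUERYI name and the sample outputs embedded below (constructed from the formats in the answer) are assumptions; the parsing functions run without osqueryi installed.

```python
"""Added example: run osqueryi non-interactively and parse its --json / --csv output.

Assumptions (not from the original page): the binary is found as 'osqueryi' or
'osqueryi.exe' on PATH, and the SAMPLE_* strings below are constructed from the
output formats shown in the answer.
"""
import csv
import io
import json
import shutil
import subprocess

# Assumed binary name; on Windows the answer invokes it from C:\Program Files\osquery.
OSQUERYI = shutil.which("osqueryi") or shutil.which("osqueryi.exe") or "osqueryi"


def build_argv(query, fmt="json"):
    """Argument vector for a one-shot osqueryi run.

    The --json / --csv switch is a command-line flag, so it must reach the
    process as an argument; typed at the 'osquery>' prompt it is treated as
    SQL text, which is why the attempts in the question failed.
    """
    if fmt not in ("json", "csv"):
        raise ValueError("fmt must be 'json' or 'csv'")
    return [OSQUERYI, "--" + fmt, query]


def parse_json_output(text):
    """osqueryi --json prints a JSON array of row objects; every value is a string."""
    rows = json.loads(text)
    if not isinstance(rows, list):
        raise ValueError("expected a JSON array of rows")
    return rows


def parse_csv_output(text, delimiter="|"):
    """Parse the header + data rows printed by osqueryi --csv (default '|')
    or by '.mode csv' in the shell (pass delimiter=',').

    Fields with spaces (the timestamp column) are double-quoted, so a plain
    str.split() would break them; csv.reader handles the quoting.
    """
    lines = list(csv.reader(io.StringIO(text.strip()), delimiter=delimiter, quotechar='"'))
    if not lines:
        raise ValueError("empty osqueryi output")
    header, data = lines[0], lines[1:]
    return [dict(zip(header, row)) for row in data]


def run_query(query, fmt="json"):
    """Run osqueryi once and return a list of row dicts (needs osqueryi installed)."""
    proc = subprocess.run(build_argv(query, fmt), capture_output=True, text=True, check=True)
    return parse_json_output(proc.stdout) if fmt == "json" else parse_csv_output(proc.stdout)


# Constructed sample outputs, following the formats shown in the answer.
SAMPLE_JSON = '''[
  {"datetime":"2020-07-15T16:02:33Z","day":"15","hour":"16","iso_8601":"2020-07-15T16:02:33Z","local_time":"1594828953","local_timezone":"PDT","minutes":"2","month":"7","seconds":"33","timestamp":"Wed Jul 15 16:02:33 2020 UTC","timezone":"UTC","unix_time":"1594828953","weekday":"Wednesday","year":"2020"}
]'''

SAMPLE_CSV_FLAG = '''weekday|year|month|day|hour|minutes|seconds|timezone|local_time|local_timezone|unix_time|timestamp|datetime|iso_8601
Wednesday|2020|7|15|16|2|37|UTC|1594828957|PDT|1594828957|"Wed Jul 15 16:02:37 2020 UTC"|2020-07-15T16:02:37Z|2020-07-15T16:02:37Z
'''

SAMPLE_MODE_CSV = '''weekday,year,month,day,hour,minutes,seconds,timezone,local_time,local_timezone,unix_time,timestamp,datetime,iso_8601
Wednesday,2020,7,15,16,4,33,UTC,1594829073,PDT,1594829073,"Wed Jul 15 16:04:33 2020 UTC",2020-07-15T16:04:33Z,2020-07-15T16:04:33Z
'''

if __name__ == "__main__":
    print(build_argv("select * from time", "json"))
    for row in parse_json_output(SAMPLE_JSON):
        print("json:", row["weekday"], row["unix_time"])
    for row in parse_csv_output(SAMPLE_CSV_FLAG):
        print("--csv:", row["timestamp"])
    for row in parse_csv_output(SAMPLE_MODE_CSV, delimiter=","):
        print(".mode csv:", row["timestamp"])
```

run_query is the only function that needs a working osqueryi; everything else operates on captured text, which is also the shape you get when collecting osqueryi output from many hosts into a central parser.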