
Cool, so basically it brings something like WQL to nix, because this is something that exists in Windows already:

    SELECT * FROM Win32_LogicalDisk WHERE FreeSpace < 2097152



Hey, Mike Arpaia here. You're totally right in that the SQL interface is very similar to WMI. Some core differences with osquery are:

- it's cross platform and supports many *nix operating systems

- adding new tables is very well supported via a simple API: https://github.com/facebook/osquery/wiki/creating-a-new-tabl...

- several tools and utilities exist to leverage the power of SQL at scale (osqueryd is a full operating system instrumentation tool which allows you to use SQL to instrument your whole infra): https://github.com/facebook/osquery/wiki/using-osqueryd

All in all, WMI is great, no doubt about it, but osquery has a few unique features which make it a cool, interesting product that you can use all across your internal infrastructure.


Didn't want to give off a "someone's been there and has done that already" vibe, your version definitely looks much better. Honestly, I found WMI to be lacking and also to be quite slow.

Great to have a better alternative for unixes!


Of course, it's an intuitive comparison to make. I'm glad you like it! I'm looking forward to working with you and similarly insightful community members on improving osquery for everyone :)


Federated queries across machines would be quite cool.


There has been some really interesting work on distributed streaming queries for monitoring/diagnostics eg http://p2.berkeley.intel-research.net/papers/EuroSys2006-deb...


I think Microsoft does deserve some credit for the idea behind WMI, but when I worked with it I always got the sense that the API was sitting on top of a massive hairball that I didn't want to look at for too long. It was slow, but it worked. I'd be thrilled if osquery just achieved the same level of query completeness, and made it easier to find properties and query them. I found WMI confusing in that regard.


A (not so) simple case: How many network interfaces do I have? WMIC gives one answer, Netsh gives another, ncpa.cpl - Network Control Panel gives another, hardware manager may give another. I'm impressed anything works.


Oh, the wonders of legacy interfaces


Since WMI is the Windows implementation of WBEM I had assumed there were ways to do WQL like stuff on other platforms already.


A quick look at the Wikipedia page [1] reveals there is and I always assumed it all kind of works - I know WMI, CMI and the related stuff and it is not completely cooked up by Microsoft alone and therefore I always assumed that this is a standard solution and I could just point a WMI console to a Linux machine if I wanted to. Now I am not sure if I should like this project because it does something useful or dislike it because it is another incompatible solution (and I lean a bit towards a One True Way philosophy).

[1] http://en.wikipedia.org/wiki/Web-Based_Enterprise_Management...


I think we could just as easily point to SNMP, and the same reasons why that isn't a good argument apply here. They differ in where their priorities lie and what aspect of management they emphasize.

In this case, it's about easily correlating data to pull more complex information out of specific system data sets.



