by y4mi 2496 days ago
I still remember the initial announcement of this years ago... I wasn't able to use it back then but saved it for later.

I'm currently in a situation in which I'd love to use osquery which is why I tried it out a few months ago.

Sadly, there wasn't any inbuilt multi-node/cluster functionality to speak of.

I gave up on it as its utility is pretty low if you're constrained to localhost queries... And the third party "cluster" tools looked pretty barebones and seemed a hassle to set up. And not even really useful, as they just enable you to execute queries on several nodes.

I would want to do queries across servers. (i.e. select load,uptime, hostname where servertype "worker" and kernelversion "3.4")

There was very little value for me which I could already get with an ad hoc Ansible task on my servers.

2 comments

Hey, there are a few open-source projects doing this:

- https://github.com/kolide/fleet
- https://github.com/mwielgoszewski/doorman
- https://github.com/zentralopensource/zentral

Then there are a few freemium:

- https://www.zercurity.com/ (Shameless plug - free for as long as you like)
- https://kolide.com/ (Though no SQL interface anymore)
- https://www.uptycs.com/ (Free trial)

Hope that helps. I'm sure there are a few others.

I had a little bit of the same problem, and while I think third-party software like fleet should work (never really had enough time to try it out at work), I wrote a small Ansible module to integrate osqueryi.
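
An added example, not part of the thread and not code from any of the projects linked above: one way to get the cross-server query asked for in the first post is to collect each node's `osqueryi --json` output (for instance via an Ansible task) and merge it into a single SQLite table. The host names, the role inventory and the sample rows are constructed, and `servertype` is assumed to come from your own inventory rather than from osquery.

```python
import json
import sqlite3

# Query each node runs locally, e.g. osqueryi --json "<NODE_QUERY>".
NODE_QUERY = (
    "SELECT si.hostname, ki.version AS kernel_version, "
    "la.average AS load_1m, u.total_seconds AS uptime_s "
    "FROM system_info si, kernel_info ki, load_average la, uptime u "
    "WHERE la.period = '1m'"
)

# Constructed sample data: per-host JSON as osqueryi --json prints it
# (a list of rows, every value a string). Host names are made up.
COLLECTED = {
    "worker-01": '[{"hostname":"worker-01","kernel_version":"3.4.113","load_1m":"0.42","uptime_s":"864000"}]',
    "worker-02": '[{"hostname":"worker-02","kernel_version":"4.19.0","load_1m":"1.10","uptime_s":"3600"}]',
    "db-01": '[{"hostname":"db-01","kernel_version":"3.4.113","load_1m":"2.75","uptime_s":"432000"}]',
    "worker-03": "not json",  # a node that returned unusable output
}
# Assumption: server roles come from an inventory, not from osquery itself.
ROLES = {"worker-01": "worker", "worker-02": "worker", "db-01": "db", "worker-03": "worker"}


def load_fleet(collected, roles):
    """Merge per-host osqueryi output into one in-memory SQLite table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE nodes (hostname TEXT, servertype TEXT, "
               "kernel_version TEXT, load_1m REAL, uptime_s INTEGER)")
    failed = []
    for host, raw in collected.items():
        try:
            for r in json.loads(raw):
                db.execute("INSERT INTO nodes VALUES (?, ?, ?, ?, ?)",
                           (r["hostname"], roles.get(host, "unknown"), r["kernel_version"],
                            float(r["load_1m"]), int(r["uptime_s"])))
        except (ValueError, KeyError, TypeError):
            failed.append(host)  # keep going; report hosts with bad output
    return db, failed


def workers_on_kernel(db, series):
    """Fleet-wide query: workers whose kernel version is in `series` (e.g. '3.4')."""
    cur = db.execute("SELECT hostname, load_1m, uptime_s FROM nodes "
                     "WHERE servertype = 'worker' AND kernel_version LIKE ? || '.%' "
                     "ORDER BY hostname", (series,))
    return cur.fetchall()


if __name__ == "__main__":
    fleet, bad = load_fleet(COLLECTED, ROLES)
    print(workers_on_kernel(fleet, "3.4"), "unusable:", bad)
```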