osquery has two RFCs related to backend infrastructure[1] and distributed queries[2]. Have you looked at their proposals? How do you think Envdb compares?
I'm curious about the choice of wrapping osquery instead of implementing a logger plugin[3]. Was it easier to implement and deploy as a wrapper?
Yeah, I looked at them. EnvDB has plans to extend past just using osquery. Work could be done to connect deeper or use libosquery directly. I chose to wrap it and plan to build a plugin system for wrapping other processes. It would make wrapping other stuff to conform to a SQL question/answer model easier and faster to implement imho. (Either way... whatever they add won't break envdb ;) hehe)