From the course: Linux Tips




- [Instructor] osquery is a set of tools that let you gather system information in a way that can be queried, like a relational database. Using osquery, you can construct periodic reports that show information like processes, launch items, open ports, and more in order to look for anomalies, track performance, and monitor the status of managed systems. The software site at has some information and there's extensive documentation at Let's take a few minutes to see osquery in action. You can install osquery on many platforms in a variety of ways. To install it on my Ubuntu system, I'll click on Install on Linux and then go to the downloads page. Then I'll scroll down and follow the instructions to add the apt repository to my system. We'll fast-forward through this and when that's done, I'll install osquery using the package manager. osquery comes with three primary tools we'll work…
