how to save console result of osquery as a csv or excel in windows
I am using osquery and I want to save the osquery results as Excel or CSV to a specific file.
I am trying the following but not getting what I want:
$ osqueryi --json 'select * from osquery_info' > res.json
$ cat res.json
[
{"build_distro":"10.12","build_platform":"darwin","config_hash":"e7c68185a7252c23585d53d04ecefb77b3ebf99c","config_valid":"1", "extensions":"inactive","instance_id":"38201952-9a75-41dc-b2f8-188c2119cda1","pid":"26255","start_time":"1552676034", "uuid":"4740D59F-699E-5B29-960B-979AAF9BBEEB","version":"3.3.0","watcher":"-1"}
]
When I run the following query:
osquery> select * from time;
+---------+------+-------+-----+------+---------+---------+----------+------------+----------------+------------+------------------------------+----------------------+----------------------+--------------------+
| weekday | year | month | day | hour | minutes | seconds | timezone | local_time | local_timezone | unix_time | timestamp | datetime | iso_8601 | win_timestamp |
+---------+------+-------+-----+------+---------+---------+----------+------------+----------------+------------+------------------------------+----------------------+----------------------+--------------------+
| Friday | 2019 | 8 | 23 | 12 | 24 | 45 | UTC | 1566563085 | UTC | 1566563085 | Fri Aug 23 12:24:45 2019 UTC | 2019-08-23T12:24:45Z | 2019-08-23T12:24:45Z | 132110366857557098 |
+---------+------+-------+-----+------+---------+---------+----------+------------+----------------+------------+------------------------------+----------------------+----------------------+--------------------+
osquery>
I want to save this output to Excel or CSV.
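osqueryi has a documented --csv flag. Does that do what you want? (--json outputs JSON.)
Depending on what you are doing, many people use osquery as a daemon (or service) with scheduled queries.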
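An added example, not part of the original question or answer: one way to turn the `osqueryi --json` output shown in the question into a CSV file that Excel opens directly. The function names, the `res.csv` file name and the sample rows are assumptions, and the leading-quote handling for formula-like cells (osquery columns such as command lines and file names hold strings an untrusted party can influence) goes beyond what the thread discusses.

```python
import csv
import io
import json
import subprocess

# Leading characters that make Excel evaluate a cell as a formula.
FORMULA_PREFIXES = ("=", "+", "-", "@")


def run_osquery(sql, binary="osqueryi"):
    """Run one query with the --json flag from the question; return stdout."""
    done = subprocess.run([binary, "--json", sql],
                          capture_output=True, text=True, check=True)
    return done.stdout


def safe_cell(value):
    """Return the cell text, quoted with ' if Excel would read it as a formula."""
    text = "" if value is None else str(value)
    try:
        float(text)  # plain numbers such as "-1" are left unchanged
        return text
    except ValueError:
        pass
    return "'" + text if text.startswith(FORMULA_PREFIXES) else text


def json_to_csv(json_text):
    """Convert osqueryi --json output (an array of row objects) to CSV text."""
    rows = json.loads(json_text)
    if not isinstance(rows, list):
        raise ValueError("expected a JSON array of rows")
    columns = []
    for row in rows:  # keep columns in first-seen order
        columns.extend(name for name in row if name not in columns)
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\r\n")
    writer.writerow(columns)
    for row in rows:
        writer.writerow([safe_cell(row.get(name)) for name in columns])
    return out.getvalue()


# Constructed sample: two columns of the `time` row from the question, plus a
# made-up row with a formula-like value and an embedded comma.
SAMPLE = ('[{"weekday":"Friday","timestamp":"Fri Aug 23 12:24:45 2019 UTC"},'
          '{"weekday":"=1+1","timestamp":"x, y"}]')

if __name__ == "__main__":
    # With osquery installed: json_to_csv(run_osquery("select * from time"))
    with open("res.csv", "w", newline="", encoding="utf-8-sig") as fh:
        fh.write(json_to_csv(SAMPLE))
```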