OsQuery 未在 window 中提供 json 或 csv 输出
OsQuery not giving json or csv output in window
Osquery 未在 window 中提供 JSON 或 CSV 输出
我试过这些,但无法生成 CSV 或 JSON 输出。
osquery> --csv select * from time;
osquery> --json select * from time;
osquery> --csv 'select * from time';
osquery> select * from time --CSV;
osquery> 'select * from time' --CSV;
您似乎已经在 shell 模式下启动了 osqueryi,因此它没有解析您试图传递的标志。
你要找的大概是(来自你的cmd.exeshell):
C:\Program Files\osquery>osqueryi.exe --json "select * from time"
[
{"datetime":"2020-07-15T16:02:33Z","day":"15","hour":"16","iso_8601":"2020-07-15T16:02:33Z","local_time":"1594828953","local_timezone":"PDT","minutes":"2","month":"7","seconds":"33","timestamp":"Wed Jul 15 16:02:33 2020 UTC","timezone":"UTC","unix_time":"1594828953","weekday":"Wednesday","year":"2020"}
]
$ osqueryi --csv 'select * from time'
weekday|year|month|day|hour|minutes|seconds|timezone|local_time|local_timezone|unix_time|timestamp|datetime|iso_8601
Wednesday|2020|7|15|16|2|37|UTC|1594828957|PDT|1594828957|"Wed Jul 15 16:02:37 2020 UTC"|2020-07-15T16:02:37Z|2020-07-15T16:02:37Z
您的另一个选择是在 osqueryi shell:
中设置“输出模式”
$ osqueryi.exe
Using a virtual database. Need help, type '.help'
osquery> .mode csv
osquery> select * from time;
weekday,year,month,day,hour,minutes,seconds,timezone,local_time,local_timezone,unix_time,timestamp,datetime,iso_8601
Wednesday,2020,7,15,16,4,33,UTC,1594829073,PDT,1594829073,"Wed Jul 15 16:04:33 2020 UTC",2020-07-15T16:04:33Z,2020-07-15T16:04:33Z
osquery>
我不确定为什么,但是 .mode 命令不支持 JSON 作为格式。
Osquery 未在 window 中提供 JSON 或 CSV 输出 我试过这些,但无法生成 CSV 或 JSON 输出。
osquery> --csv select * from time;
osquery> --json select * from time;
osquery> --csv 'select * from time';
osquery> select * from time --CSV;
osquery> 'select * from time' --CSV;
您似乎已经在 shell 模式下启动了 osqueryi,因此它没有解析您试图传递的标志。
你要找的大概是(来自你的cmd.exeshell):
C:\Program Files\osquery>osqueryi.exe --json "select * from time"
[
{"datetime":"2020-07-15T16:02:33Z","day":"15","hour":"16","iso_8601":"2020-07-15T16:02:33Z","local_time":"1594828953","local_timezone":"PDT","minutes":"2","month":"7","seconds":"33","timestamp":"Wed Jul 15 16:02:33 2020 UTC","timezone":"UTC","unix_time":"1594828953","weekday":"Wednesday","year":"2020"}
]
$ osqueryi --csv 'select * from time'
weekday|year|month|day|hour|minutes|seconds|timezone|local_time|local_timezone|unix_time|timestamp|datetime|iso_8601
Wednesday|2020|7|15|16|2|37|UTC|1594828957|PDT|1594828957|"Wed Jul 15 16:02:37 2020 UTC"|2020-07-15T16:02:37Z|2020-07-15T16:02:37Z
您的另一个选择是在 osqueryi shell:
$ osqueryi.exe
Using a virtual database. Need help, type '.help'
osquery> .mode csv
osquery> select * from time;
weekday,year,month,day,hour,minutes,seconds,timezone,local_time,local_timezone,unix_time,timestamp,datetime,iso_8601
Wednesday,2020,7,15,16,4,33,UTC,1594829073,PDT,1594829073,"Wed Jul 15 16:04:33 2020 UTC",2020-07-15T16:04:33Z,2020-07-15T16:04:33Z
osquery>
我不确定为什么,但是 .mode 命令不支持 JSON 作为格式。