2. Programming Q&A
  3. osquery - How to build osqueryi binary? - Stack Overflow

osquery - How to build osqueryi binary? - Stack Overflow

admin2025-04-16  9

It seems like the osqueryi (at least earlier releases) is a separate binary and it's smaller than osqueryd. I'm thinking about including it in an app, and need the smaller version (30 mb vs 100 mb).

How to build just osqueryi ?

It seems like the osqueryi (at least earlier releases) is a separate binary and it's smaller than osqueryd. I'm thinking about including it in an app, and need the smaller version (30 mb vs 100 mb).

How to build just osqueryi ?

  • osquery
Share edited Feb 2 at 0:46 halfer 20.4k19 gold badges109 silver badges202 bronze badges asked Feb 1 at 23:54 Helge HannisdalHelge Hannisdal 113 bronze badges 1
  • This question is rather brief. What have you tried so far? Is there anything in the manual about this? – halfer Commented Feb 2 at 0:47
Add a comment  | 

1 Answer 1

Reset to default 0

osqueryi isn't separate, it's the same binary with a different name (or in some cases a symlink). You can also invoke the same mode by using the -S argument. As in: osqueryd -S

As for size, ignoring the symlink case, they should be the same size. Osquery statically links it's dependancies in, so there's not a lot to trim out. If you're on linux, you might be able to strip the debugging symbols out.

If you're really tight on space, you could look at upx for binary compression. I don't know anyone who uses it for osquery, but it ought work...

转载请注明原文地址:http://www.anycun.com/QandA/1744813053a87970.html

osqueryHow to build osqueryi binaryStack Overflow