A simple showcase of how data from a locally running osquery client can be inserted into a table on a locally running ClickHouse server for subsequent analysis.
This is a Node.js app that uses mysql2 to access a locally running ClickHouse server and osquery-node to access a locally running osquery client.
Before running the JS app, make sure to have a ClickHouse server and an osquery client running. In ClickHouse, create a database named "osquery" for the app to connect to.
To run the JS server app on your machine:
- Install Node.js.
- Clone this repository to your machine.
- Go to the root folder of the repository in the terminal and install npm package dependencies by running this command:
npm install
- Run the app using this command:
node app
The default port for this app is 3000, so once the app is running, the page can be accessed locally at localhost:3000.
The app processes a simple form with 2 input fields:
- Table name: the name of the table to write results into (if the table already exists, it is dropped and created again, which deletes all existing data).
- Query: the SQL query to be sent to the osquery client.
On submit, if the write succeeds, the new ClickHouse table can be accessed by standard means.
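
The table name from the form ends up inside DROP TABLE and CREATE TABLE statements, where it cannot be passed as a bound parameter. One way to build those statements from an osquery result, as an added example that is not this repository's code: `buildPlan`, `quoteIdent`, the all-`String` column mapping, the `MergeTree` engine choice and the sample rows are assumptions.

```javascript
// Added example, not the repository's code. All names here are hypothetical.

// Accept only plain identifiers so the form's table name (and osquery column
// names) cannot change the meaning of the DDL they are placed into.
const IDENT = /^[A-Za-z_][A-Za-z0-9_]{0,63}$/;

function quoteIdent(name) {
  if (typeof name !== 'string' || !IDENT.test(name)) {
    throw new Error(`invalid identifier: ${JSON.stringify(name)}`);
  }
  return '`' + name + '`';
}

// Build the statements for one form submission.
// rows: array of objects as returned by osquery (every value is a string).
function buildPlan(tableName, rows) {
  if (!Array.isArray(rows) || rows.length === 0) {
    throw new Error('osquery returned no rows; refusing to drop the table');
  }
  const table = 'osquery.' + quoteIdent(tableName); // database name from the README
  const columns = Object.keys(rows[0]);
  const colSql = columns.map(quoteIdent);
  const statements = [
    { sql: `DROP TABLE IF EXISTS ${table}`, values: [] },
    { sql: `CREATE TABLE ${table} (${colSql.map(c => c + ' String').join(', ')}) ` +
           'ENGINE = MergeTree ORDER BY tuple()', values: [] },
  ];
  // Row values travel as placeholder parameters, never concatenated into SQL.
  const insert = `INSERT INTO ${table} (${colSql.join(', ')}) ` +
                 `VALUES (${columns.map(() => '?').join(', ')})`;
  for (const row of rows) {
    statements.push({ sql: insert, values: columns.map(c => String(row[c] ?? '')) });
  }
  return statements;
}

// Constructed sample: result shape for "SELECT pid, name, path FROM processes LIMIT 2".
const SAMPLE_ROWS = [
  { pid: '1', name: 'systemd', path: '/usr/lib/systemd/systemd' },
  { pid: '742', name: "o'brien-agent", path: '/opt/agent/bin/agent' },
];

for (const s of buildPlan('processes_snapshot', SAMPLE_ROWS)) {
  console.log(s.sql, s.values);
}
```

Each `{sql, values}` pair is meant for a client call that substitutes `?` placeholders, such as mysql2's `query(sql, values)`.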