-
Notifications
You must be signed in to change notification settings - Fork 8
/
config_example.yaml
45 lines (43 loc) · 1.19 KB
/
config_example.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
---
runtime:
osquery: "osqueryi"
timeout: 10s
metrics:
counters:
-
name: history_lines_count
help: "number of entries in the history"
query: "select count(*) as count from shell_history"
valueidentifier: count
countervecs:
-
name: last_users_count
help: "number of last logins by username and tty"
query: "select username, tty, count(*) as count from last where username != '' group by username;"
valueidentifier: count
labelidentifier:
- username
- tty
gauges:
-
name: block_devices
help: "number of block devices which are not partitions"
query: "select count(*) as count from block_devices where parent = '';"
valueidentifier: count
-
name: crontab_entries
help: "number of entries in the crontab"
query: "select count(*) as count from crontab;"
valueidentifier: count
gaugevecs:
-
name: users_by_shell
help: "number of users by login shell"
query: select count(*) as count, shell from users group by shell;
valueidentifier: count
labelidentifier:
- shell
## implicit metrics
# success
# number of results
# querytime histogram