OSQuery and Python extensions with virtualenv

Question

I'm using OSQuery throught osqueryi and/or osqueryd on Windows.

I've written some Python extensions (tables) and I try using virtualenv to run these Python extensions.

When I run osqueryi.exe and python extensions separately from command line, the extensions are loaded ok and I can query my python tables. In this scenario, I use virtualenv ok.

When I use extensions.load, with my Python extensions and

osquery.flags has the next content

--disable_extensions=false
--config_path=C:\ProgramData\osquery\osquery.conf
--config_plugin=filesystem
--logger_plugin=filesystem
--logger_path=C:\ProgramData\osquery\log
--extensions_autoload=C:\ProgramData\osquery\extensions.load

In this scenario, osqueryi.exe shows the next error

Traceback (most recent call last):
  File "C:\ProgramData\osquery\extensions\my_table.ext", line 3, in <module>
    import osquery
ImportError: No module named osquery

First, I activate my virtualenv and later I run osqueryi.exe with this osquery.flags file

In both scenarios, I used the same virtualenv environment with external modules installed via pip.

How can I configure OSquery To use virtualenv with Python Extensions.

Thanks

After creating virtualenv, you need to install the external modules in the virtualenv. — Stack, Jun 12 '18 at 16:07
Yes, I have installed the external modules in the virtualenv created — J19, Jun 13 '18 at 08:36

score 0 · Answer 1 · answered Jun 13 '18 at 12:49

0

I have solved this issue. Looking source code I have seen an environment variable called OSQUERY_PYTHON_PATH

In Windows you should run something like this

set OSQUERY_PYTHON_PATH=<path to python.exe in virtualenv>

answered Jun 13 '18 at 12:49

J19

667
2
10
27

OSQuery and Python extensions with virtualenv

1 Answers1