bool BrokerQueryManager::queryDataResultVectorInit() { if(!out_query_vector.empty()) { out_query_vector.clear(); } for(int i=0;i<in_query_vector.size();i++) { query_update temp; temp.current_results = getQueryResult(in_query_vector[i].query); if(in_query_vector[i].flag) { std::string init = "INIT_DUMP"; sendUpdateEventToMaster(temp.current_results, init,i); } temp.old_results = temp.current_results; temp.current_results.clear(); // 0.1sec delay usleep(100000); temp.current_results = getQueryResult(in_query_vector[i].query); out_query_vector.emplace_back(temp); firstTime = false; } LOG(WARNING) <<"Sending Updates..."; return (!out_query_vector.empty()) ? true: false; }
void BrokerQueryManager::diffResultsAndEventTriger(int& i) { out_query_vector[i].current_results = getQueryResult(in_query_vector[i].query); //osquery::diff function to calculate difference in two query results // for corresponding query. diff_result = osquery::diff(out_query_vector[i].old_results, out_query_vector[i].current_results); // check if new rows added and master is also interested in added events if((diff_result.added.size() > 0) && (event[i]=="ADD" || event[i]=="BOTH")) { //if success then send update to master sendUpdateEventToMaster(diff_result.added, "ADDED",i); } // check if any rows deleted and master is also interested in removed events if((diff_result.removed.size() > 0) && (event[i]=="REMOVED" || event[i]=="BOTH")) { //if success then send update to master sendUpdateEventToMaster(diff_result.removed, "REMOVED",i); } out_query_vector.at(i).old_results = out_query_vector.at(i).current_results; }
bool DMM::getQueryResult(const string &fields, const aMapStr &keyValues, const string &tableName, vector<string> &outList, const string &predicate) { const char ** outCharList; if(!getQueryResult(fields, keyValues, tableName, &outCharList, predicate)) { return false; } int i = 0; while(outCharList[i] != NULL) { outList.push_back(outCharList[i]); free((void*)outCharList[i]); i++; } free(outCharList); return true; }