Skip to content

CampusTech/fleet-pubsub-bq

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
.github/workflows
.github/workflows
 
 
internal/ingest
internal/ingest
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

fleet-pubsub-bq

Cloud Run service that receives Fleet osquery log messages from GCP PubSub push subscriptions and writes them to BigQuery.

Environment variables

Variable Description
BQ_PROJECT_ID GCP project hosting the BigQuery dataset
BQ_DATASET_ID BigQuery dataset ID (e.g. fleet_logs)
RESULT_SUBSCRIPTION PubSub subscription ID for osquery result logs
STATUS_SUBSCRIPTION PubSub subscription ID for osquery status logs
AUDIT_SUBSCRIPTION PubSub subscription ID for Fleet audit logs
PORT HTTP port (default 8080)

BigQuery tables

  • result_logs — One row per osquery result row. Snapshot arrays are exploded; diffResults are split into added/removed rows.
  • status_logs — Osquery agent status/error logs.
  • audit_logs — Fleet user/automation audit activity.

Image

Pre-built images are published to GHCR on every tagged release:

ghcr.io/campustech/fleet-pubsub-bq:latest
ghcr.io/campustech/fleet-pubsub-bq:v1.0.0

Building

docker build -t fleet-pubsub-bq .

Testing

go test ./...

Authorship

This code was written by Claude (Anthropic) and reviewed by a human before submission.

About

Cloud Run service: Fleet osquery PubSub → BigQuery log ingest

Topics

golang bigquery google-cloud pubsub mdm osquery fleet cloud-run

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v0.1.0 Latest
May 5, 2026

Packages

 
 
 

Contributors

Languages