dissect.target.plugins.os.windows.log.mssql

Module Contents

Classes
- MssqlPlugin: Return information related to Microsoft SQL Server.

Attributes
- dissect.target.plugins.os.windows.log.mssql.MssqlErrorlogRecord
- dissect.target.plugins.os.windows.log.mssql.RE_TIMESTAMP_PATTERN

- class dissect.target.plugins.os.windows.log.mssql.MssqlPlugin(target: dissect.target.target.Target)
  Bases: dissect.target.plugin.Plugin
  Return information related to Microsoft SQL Server.
  Currently returns ERRORLOG messages. These log files contain information such as:
  - Logon failures
  - Enabling/disabling of features, such as xp_cmdshell
- __namespace__ = 'mssql'
  Defines the plugin namespace.
- MSSQL_KEY = 'HKLM\\SOFTWARE\\Microsoft\\Microsoft SQL Server'
- FILE_GLOB = 'ERRORLOG*'
- instances = []
- check_compatible() -> None
  Perform a compatibility check with the target.
  This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.
  Raises: UnsupportedPluginError – If the plugin could not be loaded.
- errorlog() -> Iterator[MssqlErrorlogRecord]
  Return all Microsoft SQL Server ERRORLOG messages.
  These log files contain information such as:
  - Logon failures
  - Enabling/disabling of features, such as xp_cmdshell
  Yields MssqlErrorlogRecord instances with fields:
  - ts (datetime): Timestamp of the log line.
  - instance (str): SQL Server instance name.
  - process (str): Process name.
  - message (str): Log message.
  - path (Path): Path to the log file.
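
An added example, not the plugin's own code: a stand-alone parser and triage pass over constructed ERRORLOG text, producing records with the fields listed above and flagging the two event types this page mentions. The line regex, the names `parse_errorlog` and `triage`, the default instance name and the sample lines are assumptions made for illustration.

```python
import re
from datetime import datetime

# Assumed layout "YYYY-MM-DD HH:MM:SS.ff <process> <message>"; this regex is
# written for the example and is not the plugin's RE_TIMESTAMP_PATTERN.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{2})\s+(\S+)\s+(.*)$")
LOGIN_RE = re.compile(r"Login failed for user '([^']*)'.*?\[CLIENT: ([^\]]+)\]", re.S)
CONFIG_RE = re.compile(r"Configuration option 'xp_cmdshell' changed from (\d+) to (\d+)")

# Constructed sample input (not taken from a real server).
SAMPLE = """\
2024-03-01 09:15:02.41 Logon       Error: 18456, Severity: 14, State: 8.
2024-03-01 09:15:02.41 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.10]
2024-03-01 09:16:40.07 spid55      Configuration option 'show advanced options' changed from 0 to 1. Run the RECONFIGURE statement to install.
2024-03-01 09:16:40.19 spid55      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
2024-03-01 09:20:00.00 spid7s      Constructed multi-line message, first line
    and its continuation line without a timestamp.
"""

def parse_errorlog(text, instance="MSSQLSERVER", path="ERRORLOG"):
    """Return dicts with the record fields ts, instance, process, message, path."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
            records.append({"ts": ts, "instance": instance, "process": m.group(2),
                            "message": m.group(3), "path": path})
        elif records and line.strip():
            # No timestamp: treat as a continuation of the previous message.
            records[-1]["message"] += "\n" + line.strip()
    return records

def triage(records):
    """Flag logon failures and xp_cmdshell being switched on or off."""
    findings = []
    for r in records:
        login = LOGIN_RE.search(r["message"])
        if login:
            findings.append((r["ts"], "logon_failure", login.group(1), login.group(2)))
        config = CONFIG_RE.search(r["message"])
        if config:
            state = "enabled" if config.group(2) == "1" else "disabled"
            findings.append((r["ts"], "xp_cmdshell_" + state, r["process"], r["instance"]))
    return findings

if __name__ == "__main__":
    for finding in triage(parse_errorlog(SAMPLE)):
        print(finding)
```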