mssql.errorlog

$ target-query <path/to/target> -f mssql.errorlog
Details

Module

os.windows.log.mssql.MssqlPlugin

Output

records

Module documentation

Return information related to Microsoft SQL Server.

Currently returns ERRORLOG messages. These log files contain information such as:
  • Logon failures

  • Enabling/disabling of features, such as xp_cmdshell

References:

Function documentation

Return all Microsoft SQL Server ERRORLOG messages.

These log files contain information such as:
  • Logon failures

  • Enabling/disabling of features, such as xp_cmdshell

Yields MssqlErrorlogRecord instances with fields:

ts (datetime): Timestamp of the log line.
instance (str): SQL Server instance name.
process (str): Process name.
message (str): Log message.
path (Path): Path to the log file.
References: