Attention
Zercurity has been acquired by JumpCloud.
This documentation will no longer be maintained or updated. You can read more about the acquisition, or sign up to JumpCloud today.
asl
Queries the Apple System Log data structure for system events.
Platform support
Some queries can only be run against certain platforms. The platforms that this query supports are listed below. Zercurity will automatically pause a query from running if errors are detected. Running this query against an unsupported platform will result in the following error: no such table: asl
- Mac OSX
Table schema
Name | Type | Description |
---|---|---|
time | INTEGER | Unix timestamp. Set automatically. |
time_nano_sec | INTEGER | Nanosecond time. |
host | TEXT | Sender’s address (set by the server). |
sender | TEXT | Sender’s identification string. Default is process name. |
facility | TEXT | Sender’s facility. Default is ‘user’. |
pid | INTEGER | Sending process ID encoded as a string. Set automatically. |
gid | BIGINT | GID that sent the log message (set by the server). |
uid | BIGINT | UID that sent the log message (set by the server). |
level | INTEGER | Log level number. See levels in asl.h. |
message | TEXT | Message text. |
ref_pid | INTEGER | Reference PID for messages proxied by launchd. |
ref_proc | TEXT | Reference process for messages proxied by launchd. |
extra | TEXT | Extra columns, in JSON format. Queries against this column are performed entirely in SQLite, so do not benefit from efficient querying via asl.h. |
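
The queries below are an added example, not part of the original Zercurity documentation. They show a triage query built on the schema's native columns, followed by one that touches the extra column only after the native columns have narrowed the result set. The facility value 'authpriv' and the key name ExampleKey are assumptions chosen for illustration.

```sql
-- Added example. Warning-or-worse messages from the last hour.
-- Level numbers follow asl.h: 0 = emergency, 3 = error, 4 = warning,
-- 5 = notice, 7 = debug, so "level <= 4" keeps warnings and above.
SELECT
  datetime(time, 'unixepoch') AS logged_at,
  host,
  sender,
  facility,
  pid,
  uid,
  gid,
  level,
  message,
  ref_pid,
  ref_proc
FROM asl
WHERE time >= (strftime('%s', 'now') - 3600)
  AND level <= 4
  AND facility = 'authpriv'        -- assumed facility value
ORDER BY time DESC, time_nano_sec DESC
LIMIT 200;

-- Added example. Filtering on the extra column.
-- Per the schema note, predicates on extra are evaluated entirely in SQLite,
-- so constrain time and sender first and apply the extra filter last.
-- 'ExampleKey' is a hypothetical key name; substitute one seen in your data.
SELECT
  datetime(time, 'unixepoch') AS logged_at,
  sender,
  pid,
  message,
  extra
FROM asl
WHERE time >= (strftime('%s', 'now') - 86400)
  AND sender = 'sudo'              -- assumed sender (default is the process name)
  AND extra LIKE '%"ExampleKey"%'
ORDER BY time DESC
LIMIT 100;
```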