asl
Queries the Apple System Log data structure for system events.
Platform support
Some queries can only be run against certain platforms. The platforms that support this query are listed below. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error: no such table: asl
Mac OSX
Table schema
Name | Type | Description |
---|---|---|
time | INTEGER | Unix timestamp. Set automatically. |
time_nano_sec | INTEGER | Nanosecond time. |
host | TEXT | Sender’s address (set by the server). |
sender | TEXT | Sender’s identification string. Default is process name. |
facility | TEXT | Sender’s facility. Default is ‘user’. |
pid | INTEGER | Sending process ID encoded as a string. Set automatically. |
gid | BIGINT | GID that sent the log message (set by the server). |
uid | BIGINT | UID that sent the log message (set by the server). |
level | INTEGER | Log level number. See levels in asl.h. |
message | TEXT | Message text. |
ref_pid | INTEGER | Reference PID for messages proxied by launchd. |
ref_proc | TEXT | Reference process for messages proxied by launchd. |
extra | TEXT | Extra columns, in JSON format. Queries against this column are performed entirely in SQLite, so do not benefit from efficient querying via asl.h. |
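
An example query against this table, added here and not taken from the Zercurity documentation. It filters on the native columns (level, facility, time) rather than on extra, following the note in the schema, and only returns extra for inspection. The facility value 'authpriv', the one-hour window and the row limit are assumptions chosen for illustration.

```sql
-- Added example: warning-or-worse messages from one facility in the last hour.
-- Levels follow asl.h: 0 = Emergency ... 3 = Error, 4 = Warning ... 7 = Debug,
-- so "level <= 4" keeps warnings and anything more severe.
SELECT
  datetime(time, 'unixepoch') AS logged_at_utc,  -- time is a Unix timestamp
  time_nano_sec,
  host,
  sender,
  facility,
  level,
  pid,
  uid,
  gid,
  ref_pid,     -- set when the message was proxied by launchd
  ref_proc,
  message,
  extra        -- JSON text; returned for review, not used as a filter
FROM asl
WHERE level <= 4
  AND facility = 'authpriv'  -- assumed sample value; the default facility is 'user'
  AND time >= CAST(strftime('%s', 'now') AS INTEGER) - 3600
ORDER BY time DESC, time_nano_sec DESC
LIMIT 200;
```

If a condition on extra is needed, keep the native-column conditions in place as well so that the SQLite-only match runs over as few rows as possible.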