Queries the Apple System Log data structure for system events.

Platform support

Please be aware that some queries can only be run against certain platforms. Below is a list of the supported platforms that this query supports. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error: no such table: asl

  • Mac OSX

Table schema

Name Type Description
time INTEGER Unix timestamp. Set automatically
time_nano_sec INTEGER Nanosecond time.
host TEXT Sender’s address (set by the server).
sender TEXT Sender’s identification string. Default is process name.
facility TEXT Sender’s facility. Default is ‘user’.
pid INTEGER Sending process ID encoded as a string. Set automatically.
gid BIGINT GID that sent the log message (set by the server).
uid BIGINT UID that sent the log message (set by the server).
level INTEGER Log level number. See levels in asl.h.
message TEXT Message text.
ref_pid INTEGER Reference PID for messages proxied by launchd
ref_proc TEXT Reference process for messages proxied by launchd
extra TEXT Extra columns, in JSON format. Queries against this column are performed entirely in SQLite, so do not benefit from efficient querying via asl.h.

Query examples

Select all the results for the given table.