asl
Queries the Apple System Log data structure for system events.
Platform support
Some queries can only be run against certain platforms. The platforms that support this query are listed below. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error: no such table: asl
- Mac OSX
Table schema
Name | Type | Description |
---|---|---|
time | INTEGER | Unix timestamp. Set automatically. |
time_nano_sec | INTEGER | Nanosecond time. |
host | TEXT | Sender’s address (set by the server). |
sender | TEXT | Sender’s identification string. Default is process name. |
facility | TEXT | Sender’s facility. Default is ‘user’. |
pid | INTEGER | Sending process ID encoded as a string. Set automatically. |
gid | BIGINT | GID that sent the log message (set by the server). |
uid | BIGINT | UID that sent the log message (set by the server). |
level | INTEGER | Log level number. See levels in asl.h. |
message | TEXT | Message text. |
ref_pid | INTEGER | Reference PID for messages proxied by launchd. |
ref_proc | TEXT | Reference process for messages proxied by launchd. |
extra | TEXT | Extra columns, in JSON format. Queries against this column are performed entirely in SQLite, so do not benefit from efficient querying via asl.h. |
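
The query below is an added example, not taken from the Zercurity documentation. It shows a triage query over the columns in the schema above, returning messages logged at Error severity or worse during the last 24 hours. The 24-hour window, the row limit and the severity names (taken from the level numbering in asl.h) are assumptions chosen for illustration.

```sql
-- Added example: recent high-severity ASL messages with their origin.
-- Filters use the named columns (level, time) rather than `extra`,
-- because matches on `extra` are evaluated entirely in SQLite.
SELECT
  datetime(time, 'unixepoch') AS logged_at_utc,  -- time is a Unix timestamp
  time_nano_sec,
  host,
  sender,
  facility,
  pid,
  uid,
  gid,
  CASE level                                     -- numbering from asl.h
    WHEN 0 THEN 'Emergency'
    WHEN 1 THEN 'Alert'
    WHEN 2 THEN 'Critical'
    WHEN 3 THEN 'Error'
  END AS severity,
  message,
  ref_pid,                                       -- set when launchd proxied the message
  ref_proc
FROM asl
WHERE level <= 3                                 -- Error or more severe
  AND time >= CAST(strftime('%s', 'now') AS INTEGER) - 86400
ORDER BY time DESC, time_nano_sec DESC
LIMIT 200;
```

Comparing uid and gid against sender helps spot messages whose claimed process name does not match the account that sent them, since uid and gid are set by the server while sender defaults to the process name.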