Evidence: MSSQL Logs
Description: Collect MSSQL Logs
Category: Applications
Platform: windows
Short Name: mssqll
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Microsoft SQL Server logs contain database engine events, errors, warnings, and informational messages. These logs track authentication, query execution, backup operations, and configuration changes.
Data Collected
This collector gathers structured data about MSSQL logs.
Collection Method
This collector gathers MSSQL error logs and agent logs from the SQL Server installation directory, collecting server activity and diagnostic information.
Forensic Value
MSSQL logs help identify SQL injection attacks, unauthorized database access, privilege escalation, data modification, and suspicious stored procedure execution. They reveal failed login attempts and abnormal query patterns.
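Because the log files are collected unparsed, a failed-login review like the one described above has to be done by the analyst. The following is an added example, not part of the collector or the vendor's code: it assumes the standard ERRORLOG login-message layout, runs on constructed sample lines, and the function names and the threshold of 3 are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the SQL Server ERRORLOG layout (not real data).
# ERRORLOG files on disk are typically UTF-16; decode them before parsing.
SAMPLE_ERRORLOG = """\
2024-03-01 10:15:01.10 Logon       Error: 18456, Severity: 14, State: 8.
2024-03-01 10:15:01.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-03-01 10:15:03.25 Logon       Error: 18456, Severity: 14, State: 8.
2024-03-01 10:15:03.25 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-03-01 10:15:05.31 Logon       Error: 18456, Severity: 14, State: 5.
2024-03-01 10:15:05.31 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.7]
2024-03-01 10:15:09.40 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 203.0.113.7]
2024-03-01 11:02:44.07 Logon       Error: 18456, Severity: 14, State: 8.
2024-03-01 11:02:44.07 Logon       Login failed for user 'appuser'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]
2024-03-01 11:02:51.90 Logon       Login succeeded for user 'appuser'. Connection made using SQL Server authentication. [CLIENT: 10.0.0.5]
"""

LOGIN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{2}) Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<client>[^\]]+)\]"
)

def parse_logins(text):
    """Yield (timestamp, result, user, client) for each login message."""
    for line in text.splitlines():
        m = LOGIN_RE.match(line)
        if m:
            yield m["ts"], m["result"], m["user"], m["client"]

def summarize(text, threshold=3):
    """Return clients with >= threshold failures, and successes that follow such a burst."""
    failures = defaultdict(int)   # client -> failed login count so far
    users = defaultdict(set)      # client -> account names it tried
    success_after_burst = []
    for ts, result, user, client in parse_logins(text):
        if result == "failed":
            failures[client] += 1
            users[client].add(user)
        elif failures[client] >= threshold:
            # A success after repeated failures from the same client deserves review.
            success_after_burst.append((ts, client, user, failures[client]))
    noisy = {c: (n, sorted(users[c])) for c, n in failures.items() if n >= threshold}
    return noisy, success_after_burst
```

Successful logins appear in the error log only when login auditing is configured to record them, so an empty second result does not prove that no guessed password worked.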