# MSSQL Logs

## Overview

**Evidence:** MSSQL Logs\
**Description:** Collect MSSQL Logs\
**Category:** Applications\
**Platform:** windows\
**Short Name:** mssqll\
**Is Parsed:** No\
**Sent to Investigation Hub:** No\
**Collect File(s):** Yes

## Background

Microsoft SQL Server logs contain database engine events, errors, warnings, and informational messages. These logs track authentication, query execution, backup operations, and configuration changes.

## Data Collected

This collector gathers structured data about MSSQL logs.

## Collection Method

This collector gathers MSSQL error logs and agent logs from the SQL Server installation directory, collecting server activity and diagnostic information.

## Forensic Value

MSSQL logs help identify SQL injection attacks, unauthorized database access, privilege escalation, data modification, and suspicious stored procedure execution. They reveal failed login attempts and abnormal query patterns.
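Because this evidence is collected as files and not parsed, failed-login triage has to be done on the collected ERRORLOG text. The following is an added example, not part of the collector: it assumes the default ERRORLOG layout, where failed logins appear as an `Error: 18456` line followed by a `Login failed for user` line, and all function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the ERRORLOG text layout (not taken from a real host).
SAMPLE = """\
2024-03-11 09:14:02.35 Logon       Error: 18456, Severity: 14, State: 8.
2024-03-11 09:14:02.35 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-03-11 09:14:03.10 Logon       Error: 18456, Severity: 14, State: 8.
2024-03-11 09:14:03.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-03-11 09:14:04.02 Logon       Error: 18456, Severity: 14, State: 5.
2024-03-11 09:14:04.02 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.7]
2024-03-11 09:20:11.02 Logon       Login succeeded for user 'app_svc'. Connection made using SQL Server authentication. [CLIENT: 192.0.2.10]
2024-03-11 09:31:40.77 Logon       Error: 18456, Severity: 14, State: 8.
2024-03-11 09:31:40.77 Logon       Login failed for user 'app_svc'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.10]
"""

ERROR_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d\d) Logon\s+"
                      r"Error: 18456, Severity: \d+, State: (?P<state>\d+)\.")
FAILED_RE = re.compile(r"Login failed for user '(?P<user>[^']*)'\."
                       r".*\[CLIENT: (?P<client>[^\]]+)\]")

def read_errorlog(path):
    """Decode a collected file; ERRORLOG is commonly UTF-16 with a BOM."""
    with open(path, "rb") as fh:
        raw = fh.read()
    bom = raw[:2] in (b"\xff\xfe", b"\xfe\xff")
    return raw.decode("utf-16" if bom else "utf-8", errors="replace")

def failed_logins(text):
    """Pair each 'Error: 18456' line with the message line that follows it."""
    events, pending = [], None
    for line in text.splitlines():
        m = ERROR_RE.match(line)
        if m:
            pending = m.groupdict()
            continue
        m = FAILED_RE.search(line)
        if m:
            events.append({"ts": None, "state": None, **(pending or {}), **m.groupdict()})
        pending = None
    return events

def noisy_clients(events, threshold=3):
    """Clients with at least `threshold` failed logins in the parsed log."""
    counts = Counter(e["client"] for e in events)
    return {c: n for c, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for client, n in noisy_clients(failed_logins(SAMPLE)).items():
        print(f"{client}: {n} failed logins")
```

Failed logins only appear in ERRORLOG when the server's login auditing level records them, so an empty result does not by itself mean no attempts occurred.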
