MSSQL Logs
Overview
Evidence: MSSQL Logs
Description: Collect MSSQL Logs
Category: Applications
Platform: windows
Short Name: mssqll
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Microsoft SQL Server logs contain database engine events, errors, warnings, and informational messages. These logs track authentication, query execution, backup operations, and configuration changes.
Data Collected
This collector gathers structured data about MSSQL logs.
Collection Method
This collector gathers MSSQL error logs and agent logs from the SQL Server installation directory, collecting server activity and diagnostic information.
Forensic Value
MSSQL logs help identify SQL injection attacks, unauthorized database access, privilege escalation, data modification, and suspicious stored procedure execution. They reveal failed login attempts and abnormal query patterns.
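
Because the collected files are not parsed, triage of the error log is left to the analyst. The following added example (not part of the collector or its documentation) groups failed-login entries by client address and lists configuration changes from ERRORLOG text. The sample lines are constructed, and the function names and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the ERRORLOG text layout; addresses are documentation ranges.
# Assumption: input is already decoded text (ERRORLOG files on disk are commonly UTF-16).
SAMPLE = """\
2024-03-01 10:15:01.12 Logon       Error: 18456, Severity: 14, State: 8.
2024-03-01 10:15:01.12 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-03-01 10:15:02.40 Logon       Error: 18456, Severity: 14, State: 8.
2024-03-01 10:15:02.40 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-03-01 10:15:03.77 Logon       Error: 18456, Severity: 14, State: 5.
2024-03-01 10:15:03.77 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.7]
2024-03-01 10:20:44.03 spid52      Configuration option 'show advanced options' changed from 0 to 1. Run the RECONFIGURE statement to install.
2024-03-01 11:02:10.90 Logon       Error: 18456, Severity: 14, State: 8.
2024-03-01 11:02:10.90 Logon       Login failed for user 'app_ro'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.23]
"""

TS = r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{2})"
FAILED = re.compile(TS + r" Logon\s+Login failed for user '(?P<user>[^']*)'\."
                    r".*\[CLIENT: (?P<client>[^\]]+)\]")
CONFIG = re.compile(TS + r" \S+\s+Configuration option '(?P<opt>[^']+)' "
                    r"changed from (?P<old>\d+) to (?P<new>\d+)\.")

def failed_logins(text):
    """Group failed-login lines by client address."""
    by_client = defaultdict(lambda: {"count": 0, "users": set(), "first": None, "last": None})
    for line in text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        rec = by_client[m["client"].strip()]
        rec["count"] += 1
        rec["users"].add(m["user"])
        rec["first"] = rec["first"] or m["ts"]
        rec["last"] = m["ts"]
    return dict(by_client)

def noisy_clients(text, threshold=3):
    """Clients with at least `threshold` failures (threshold is an assumed value)."""
    return sorted(c for c, r in failed_logins(text).items() if r["count"] >= threshold)

def config_changes(text):
    """(timestamp, option, old, new) for each configuration change recorded."""
    return [(m["ts"], m["opt"], m["old"], m["new"])
            for m in map(CONFIG.match, text.splitlines()) if m]

if __name__ == "__main__":
    print(failed_logins(SAMPLE))
    print(noisy_clients(SAMPLE), config_changes(SAMPLE))
```

Several distinct user names failing from one client within seconds, as in the sample, is the pattern worth correlating with later successful logons and configuration changes.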