mirror of
https://github.com/valitydev/osquery-1.git
synced 2024-11-06 09:35:20 +00:00
30 lines
1.4 KiB
Plaintext
30 lines
1.4 KiB
Plaintext
table_name("crashes")
|
|
description("Application, System, and Mobile App crash logs.")
|
|
schema([
|
|
Column("type", TEXT, "Type of crash log"),
|
|
Column("pid", BIGINT, "Process (or thread) ID of the crashed process"),
|
|
Column("path", TEXT, "Path to the crashed process"),
|
|
Column("crash_path", TEXT, "Location of log file", index=True),
|
|
Column("identifier", TEXT, "Identifier of the crashed process"),
|
|
Column("version", TEXT, "Version info of the crashed process"),
|
|
Column("parent", BIGINT, "Parent PID of the crashed process"),
|
|
Column("responsible", TEXT, "Process responsible for the crashed process"),
|
|
Column("uid", INTEGER, "User ID of the crashed process", index=True),
|
|
Column("datetime", TEXT, "Date/Time at which the crash occurred"),
|
|
Column("crashed_thread", BIGINT, "Thread ID which crashed"),
|
|
Column("stack_trace", TEXT, "Most recent frame from the stack trace"),
|
|
Column("exception_type", TEXT, "Exception type of the crash"),
|
|
Column("exception_codes", TEXT, "Exception codes from the crash"),
|
|
Column("exception_notes", TEXT, "Exception notes from the crash"),
|
|
Column("registers", TEXT, "The value of the system registers")
|
|
])
|
|
attributes(user_data=True)
|
|
implementation("crashes@genCrashLogs")
|
|
examples([
|
|
"select * from users join crashes using (uid)",
|
|
])
|
|
fuzz_paths([
|
|
"/Library/Logs/DiagnosticReports",
|
|
"/Users",
|
|
])
|