Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Hi guys, i was trying to understand what is the status of the `asl` table. I understand it is deprecated since 10.12 but i still can query it and get data when i try in a 10.14 endpoint. But, is that data reliable? or will I be missing events? Should i be looking at using the trail of bits extension for the time being?

This is really an apple thing. Apple deprecated it. As far as I know it still works. 

so do you think all system logs are still going to the ASL?

I’d suggest finding apple docs. I’ve love to know what you find

Juan I would definitely not rely on `asl` table and would instead use ToB's Unified Log extension.

Thanks guys for your answers. I have been looking in the apple developer docs, but the ASL seems to be completely gone, just a small note saying that it is superseded by OSLog. We'll consider the extension or maybe wait for the native API. Thanks!

There is also <https://github.com/macadmins/osquery-extension|https://github.com/macadmins/osquery-extension>