From 620da8e116e1c82421dfd9dbea5d7509937b37b9 Mon Sep 17 00:00:00 2001
From: Miauwkeru
Date: Thu, 16 Jan 2025 13:36:46 +0000
Subject: [PATCH 1/3] Acquire MSSQL error logs

---
 acquire/acquire.py | 35 ++++++++++++++++++++++++++++++-----
 1 file changed, 30 insertions(+), 5 deletions(-)

diff --git a/acquire/acquire.py b/acquire/acquire.py
index d47a674..4df878f 100644
--- a/acquire/acquire.py
+++ b/acquire/acquire.py
@@ -82,11 +82,7 @@
  \__,_|\___\__, |\__,_|_|_| \___| by Fox-IT
  |_| v{} part of NCC Group
-""".format(
-    VERSION
-)[
-    1:
-]
+""".format(VERSION)[1:]
 
 MODULES = {}
 MODULE_LOOKUP = {}
@@ -770,6 +766,35 @@ def get_spec_additions(cls, target: Target, cli_args: argparse.Namespace) -> Ite
         return spec
 
 
+@register_module("--mssql")
+class MSSQL(Module):
+    DESC = "MSSql error logs"
+
+    SPEC = [("glob", "/var/opt/mssql/log/errorlog*")]
+
+    @classmethod
+    def get_spec_additions(cls, target: Target, cli_args: argparse.Namespace) -> Iterator[tuple]:
+        log_paths = set()
+
+        if not target.has_function("registry"):
+            return
+
+        for reg_key in target.registry.glob_ext("HKLM\\SOFTWARE\\Microsoft\\Microsoft SQL Server\\*"):
+            try:
+                log_paths.add(reg_key.value("ErrorDumpDir").value)
+            except Exception:
+                pass
+
+            try:
+                subkey = reg_key.subkey("CPE")
+                log_paths.add(subkey.value("ErrorDumpDir").value)
+            except Exception:
+                pass
+
+        for log_path in log_paths:
+            yield ("glob", f"{log_path}/ERRORLOG*")
+
+
 @register_module("--iis")
 class IIS(Module):
     DESC = "IIS logs"

From b6a177125e7a9b36b3101f86afc6f98af5eb3b3c Mon Sep 17 00:00:00 2001
From: Miauwkeru
Date: Fri, 17 Jan 2025 08:12:19 +0000
Subject: [PATCH 2/3] Add MSSQL module to windows and linux profiles

---
 acquire/acquire.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/acquire/acquire.py b/acquire/acquire.py
index 4df878f..99149b6 100644
--- a/acquire/acquire.py
+++ b/acquire/acquire.py
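Review bot: Both `except Exception: pass` blocks in the new `MSSQL.get_spec_additions` swallow every error, so a corrupted hive or an unexpected value type is indistinguishable from a simply absent `ErrorDumpDir`, and the module then yields nothing without a trace. Narrow them to the lookup failures the registry layer raises, `except (RegistryKeyNotFoundError, RegistryValueNotFoundError): pass` (from `dissect.target.exceptions`, adding the import if acquire.py does not have it yet), and skip values that are empty or not a `str` before `log_paths.add(...)`, otherwise `f"{log_path}/ERRORLOG*"` degenerates to `/ERRORLOG*` and globs the volume root. As far as I know `ErrorDumpDir` is the SQLDumper output directory, which defaults to the instance Log directory but can be configured separately, while the ERRORLOG location is fixed by the `-e` startup argument stored under the instance's `MSSQLServer\Parameters` key; consider reading that value as well, verified against a real install. A short class docstring saying that `SPEC` covers SQL Server on Linux and the registry lookup adds the per-instance Windows log directories would also help the next reader.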
@@ -82,7 +82,11 @@
  \__,_|\___\__, |\__,_|_|_| \___| by Fox-IT
  |_| v{} part of NCC Group
-""".format(VERSION)[1:]
+""".format(
+    VERSION
+)[
+    1:
+]
 
 MODULES = {}
 MODULE_LOOKUP = {}
@@ -2009,6 +2013,7 @@ class WindowsProfile:
         IIS,
         TextEditor,
         Docker,
+        MSSQL,
     ]
 
 
@@ -2026,6 +2031,7 @@ class LinuxProfile:
         Docker,
         History,
         WebHosting,
+        MSSQL,
     ]
 
 

From 3ba3f82f99642944c9451a7f6f7e2d1da7e113ee Mon Sep 17 00:00:00 2001
From: Miauwkeru
Date: Mon, 20 Jan 2025 10:01:24 +0100
Subject: [PATCH 3/3] Apply suggestions from code review

Co-authored-by: Erik Schamper <1254028+Schamper@users.noreply.github.com>
---
 acquire/acquire.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/acquire/acquire.py b/acquire/acquire.py
index 99149b6..aef8523 100644
--- a/acquire/acquire.py
+++ b/acquire/acquire.py
@@ -772,12 +772,12 @@ def get_spec_additions(cls, target: Target, cli_args: argparse.Namespace) -> Ite
 @register_module("--mssql")
 class MSSQL(Module):
-    DESC = "MSSql error logs"
+    DESC = "MSSQL error logs"
 
     SPEC = [("glob", "/var/opt/mssql/log/errorlog*")]
 
     @classmethod
-    def get_spec_additions(cls, target: Target, cli_args: argparse.Namespace) -> Iterator[tuple]:
+    def get_spec_additions(cls, target: Target, cli_args: argparse.Namespace) -> Iterator[tuple[str, str]]:
         log_paths = set()
 
         if not target.has_function("registry"):