Skip to content

SQL LogScout v6.25.04.25

Latest
Latest

Choose a tag to compare

View all tags
@PiJoCoder PiJoCoder released this 05 May 17:00
v6.25.04.25
c9a4139
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Download

Scroll down to the bottom of this page and find the Assets section. Expand it and select SQL_LogScout_v6.25.04.25_Signed.zip to download it

Verify downloaded file:

You can verify the download by computing the hash of the SQL_LogScout_v6.25.04.25_Signed.zip file, using this command:

certutil -hashfile SQL_LogScout_v6.25.04.25_Signed.zip SHA512

Compare to this:

7248a0200c08497705ff3cbf30c7e54411ffabee3b6230ee38a6913270a19037790c9536c469e11e76d244768585aa7742513b58a2ad785739765b080121d45b

Known Issue(s) in this release

Issue 1: False positive detected by CrowdStrike

When you run SQL LogScout in environments that use CrowdStrike, you might encounter an error message that the SQLScript_Repl_Metadata_Collector.psm1 contains malicious content and has been blocked by your antivirus software. This may prevent SQL LogScout from running successfully.

"Failed to import module: SQLScript_Repl_Metadata_Collector.psm1. Error: The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: At \SQLScript_Repl_Metadata_Collector.psm1:1 char:1

This script contains malicious content and has been blocked by your antivirus software"

Cause:

This is a false positive. Crowdstrike has been notified and they have cleared this on their end.

The file in question contains primarily T-SQL code which is invoked by SQL LogScout. It's a script, open-source file that can be viewed here: https://github.com/microsoft/SQL_LogScout/blob/main/SQL%20LogScout/Bin/SQLScript_Repl_Metadata_Collector.psm1

Resolution:

CrowdStrike responded to our request for analysis of this issue with the following:

"Our team carefully analyzed your False Positive request and determined that the file does not meet our detection criteria. The file will no longer be detected by our scanner. Thank you for helping us improve our product."

If you still encounter this issue, you can reach out to CrowdStrike for support and updates on this.

Issue 2: SQL Assessment API may not collect log

Cause:

A change in import module logic in this release introduced a condition where the SQLServer PS module doesn't load successfully. This prevents Invoke-SqlAssessment from running

Workaround

If you need to collect a SQL Assessment API on your system, please do so manually using the following command:

Get-SqlInstance -ServerInstance <SQLServer Instance> -TrustServerCertificate -Encrypt Mandatory | Invoke-SqlAssessment -FlattenOutput | Out-File "d:\temp\AssessmentAPI.out"

Resolution:

A fix for this issue is planned in a future release

Issue 3: LogScout may take a very long time if you have thousands of Full-Text SQLFT* catalog files

Cause

An incorrect variable is used in the code that triggers a very long loop when determining which files to copy

Workaround

The only workaround currently is to cancel the SQL LogScout collection at that point using CTRL+C. If you need to capture those files, you can copy them manually from the \Log folder.

Resolution:

A fix for this issue is planned in a future release

Fixes

Enhancements:

  • Enable collection of logs from Windows Internal Database (WID)
  • SQL Setup Scenario: get a list of installed programs on the system
  • Add TRY...CATCH blocks in SQLScript_TempDB_and_Tran_Analysis.psm1 and SQLScript_NeverEndingQuery_perfstats.psm1 scripts
  • Introduce basic WID instance connection support
  • Basic scenario: Collect .NET Framework and .NET Core versions information
  • Updated Readme document that scheduling WPR Scenario isn't possible, only manual run is allowed
  • Fix blocking that occurs on Tempdb in SQLScript_TempDB_and_Tran_Analysis and SQLScript_SQL_Server_PerfStats_Snapshot on sysidxstats
  • Document in the Readme that user needs to agree to use the digitally signed files from Microsoft when running SQL LogScout
  • Raise an error message if SQLCmd is not installed on the machine and direct user to install it as SQL LogScout relies on it
  • Replication Scenario: Limit agent history table output to 3 days from time of collection
  • Readme update: clarify server instance info in the Scheduled Task creation documentation and vary the examples
  • Add new actions to get query_hash from statement-level Xevents
  • Add new XEvents to Detailed Perf Scenario for Memory Feedback in SQL Server 2022
  • Improve NetTCPandUDPConnections performance and don't collect it on very large servers
  • Add a lookup for registry key to locate SQL Errorlogs regardless of their name
  • Collect sys.servers output in MiscDiagInfo
  • Remove tbl_sysmail_event_log_sysmail_faileditems and tbl_sysmail_log from sqlnexus_tablecheck_proc.sql since it was removed in SQL Nexus
  • Enhance transaction output for version store and open transactions to capture transaction duration
  • Add SQL Agent jobs and CLR rowsets into Basic scenario and remove MSDIagProcs.psm1 as it's not used
  • Enhance different memory grant queries and make sure they collect proper data and don't miss useful data
  • Create a mechanism to stop SQL LogScout based on an event - using a .STOP file
  • Change Improvement_measure column to be an INT/BIGINT data type due to international decimal point separator differences
  • Increase the size of the captured dump files to 200 MB

Fixes:

  • Fix GUI not showing some events for the Detailed performance scenario (e.g. showplan_xml)
  • Improve instance selection via port in GetSQLInstanceNameByPortNo
  • Fix an incorrect prompt to delete and recreate the \output folder when it's not there
  • Introduces logic to select the highest available ODBC driver version to ensure compatibility with TLS 1.2, and retries connections with different drivers if the initial attempt fails.
  • Fixes SQL LogScout failure to start with error "An object at the specified path c:\users\someuser~1.1 does not exist" due to a PowerShell Remove-Item issue
  • Improve robustness of importing of modules which may fail due to lock on PowerShell files by anti-virus or other program
  • Improve Readme examples to use .\sql_logscout.... (Dot followed by backslash)
  • Fix: SQL logs collection (Error Logs, Agent logs etc.) fails on SQL FCI default instances
  • Document ServiceBrokerDBMail as a scenario parameter in the Readme file
  • Fix: Date/time in Event logs is missing AM/PM on non-US Windows configuration
  • Don't invoke SQLCmd commands on shutdown and cleanup if no SQL Server instances on the machine. Refactor CleanupIncompleteShutdown script
  • Fix a typo in informational message

What's Changed

  • Release v6.25.04.25 in #25

Full Changelog: v6.24.11.02...v6.25.04.25

Assets 3
Loading