Syslog Config Info
Overview
Evidence: Syslog Config Info
Description: ESXi Syslog Config Info
Category: System
Platform: esxi
Short Name: syslogcfg
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
ESXi syslog configuration controls system logging behavior: where logs are written locally, whether and how they are forwarded to remote collectors, and how long they are retained. On hosts without a persistent scratch location the local log directory lives on a ramdisk and is lost at reboot, so remote forwarding is often the only copy of the log that survives. That makes the logging configuration a prime target for attackers who want to cover their tracks by disabling logging, redirecting logs away from legitimate monitoring systems, or downgrading forwarding to a transport they can drop or spoof.
Data Collected
This collector gathers the parsed syslog daemon settings of the ESXi host as a structured record.
Syslog Config Info Data
The parsed record describes the host's syslog daemon settings as the collector extracts them: the global log destinations (remote host URIs and the local log output location), the transport protocol for each remote destination (UDP, TCP or TLS) and its port number, the certificate configuration used for TLS forwarding, and any configured filtering rules.
Collection Method
This collector parses the syslog daemon's configuration files and settings and extracts the global log destinations, the protocol settings for each destination (UDP, TCP or TLS), port numbers, the certificate configuration for secure logging, and filtering rules.
Forensic Value
Syslog configuration analysis identifies logging gaps (no remote destination, non-persistent local storage), detects tampering with log forwarding, reveals unauthorized or unexpected log destinations, and validates log integrity protection mechanisms such as TLS with certificate enforcement. Configuration changes or disabled logging may indicate an evidence destruction attempt; compare the collected settings against the organization's known-good baseline, since legitimate administrative changes produce the same artifacts, and check the remote collector for a gap in received events around the time of the change.
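As an added example covering both the collection method and the forensic checks above (it is not part of this collector or its documentation), the following Python takes the key/value output of `esxcli system syslog config get`, parses the remote destinations, and applies the checks an analyst runs on the result: no remote destination, a destination outside the expected collectors, UDP or plaintext TCP forwarding, non-persistent local log output, and TLS forwarding with certificate enforcement switched off. The sample configuration, the allowlist of expected collectors and the severity labels are constructed for illustration; the setting names follow recent ESXi releases and should be checked against the host's own output.

```python
"""Triage an ESXi syslog configuration for logging gaps and tampering.

Added example (not the collector's own code). The input mirrors the
key/value layout of `esxcli system syslog config get`; the sample text,
the allowlist and the severity labels are constructed for illustration.
"""
from urllib.parse import urlsplit

# Constructed sample: remote forwarding weakened, local logs non-persistent.
SAMPLE_CONFIG = """\
   Enforce SSLCertificates: false
   Local Log Output: /tmp/scratch/log
   Local Log Output Is Persistent: false
   Log To Unique Subdirectory: false
   Remote Host: udp://10.9.8.7:514, ssl://siem.corp.example:1514
"""

# Hypothetical allowlist of collectors the SOC expects this host to feed.
EXPECTED_COLLECTORS = {"siem.corp.example"}


def parse_config(text):
    """Turn 'Key: value' lines into a dict; the first colon ends the key,
    so URI values such as udp://host:514 stay intact."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def parse_remote_hosts(value):
    """Split the Remote Host field into (scheme, host, port) tuples.

    ESXi accepts a comma-separated list of udp://, tcp:// or ssl:// URIs
    and treats a bare hostname as UDP on port 514 (its documented default).
    '<none>' means no remote destination is configured.
    """
    if not value or value.strip().lower() == "<none>":
        return []
    targets = []
    for item in value.split(","):
        item = item.strip()
        if "://" not in item:
            item = "udp://" + item
        parts = urlsplit(item)
        targets.append((parts.scheme.lower(), parts.hostname, parts.port or 514))
    return targets


def assess(settings, expected=EXPECTED_COLLECTORS):
    """Return (severity, finding) pairs for the gaps an analyst looks for:
    missing or unexpected destinations, weak transports, volatile local logs."""
    findings = []
    targets = parse_remote_hosts(settings.get("Remote Host", ""))
    if not targets:
        findings.append(("high", "no remote syslog destination: logs exist only on the host"))
    for scheme, host, port in targets:
        if host not in expected:
            findings.append(("high", f"unexpected log destination {scheme}://{host}:{port}"))
        if scheme == "udp":
            findings.append(("medium", f"{host}:{port} uses UDP: unauthenticated, spoofable, silently dropped"))
        elif scheme == "tcp":
            findings.append(("low", f"{host}:{port} uses plaintext TCP: no transport integrity"))
    if settings.get("Local Log Output Is Persistent", "").lower() == "false":
        where = settings.get("Local Log Output", "?")
        findings.append(("medium", f"local log output {where} is not persistent: lost on reboot"))
    uses_tls = any(scheme == "ssl" for scheme, _, _ in targets)
    if uses_tls and settings.get("Enforce SSLCertificates", "").lower() == "false":
        findings.append(("medium", "TLS forwarding without certificate enforcement: collector can be impersonated"))
    return findings


if __name__ == "__main__":
    for severity, finding in assess(parse_config(SAMPLE_CONFIG)):
        print(f"[{severity}] {finding}")
```

Run against the constructed sample, the script reports the unlisted UDP destination as high severity and the UDP transport, the non-persistent local output and the unenforced TLS certificates as medium. In practice the allowlist comes from the environment's logging standard, and any high finding should be cross-checked with the collector's receive history for the host.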