Syslog Logger Info

Overview

Evidence: Syslog Logger Info
Description: ESXi Syslog Logger Info
Category: System
Platform: esxi
Short Name: sloggerinfo
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

Syslog configuration determines where ESXi logs are stored and forwarded. Proper logging is essential for forensic investigations, and attackers often modify syslog settings to prevent log generation, redirect logs to attacker-controlled servers, or disable remote logging to hide their activities.

Data Collected

This collector gathers structured data about syslog logger info.

Syslog Logger Info Data

Field	Description	Example
`AccessTime`	Access Time	2023-10-15 14:30:25+03:00
`AccessCount`	Access Count	123
`URL`	URL	Example value
`Browser`	Browser	Example value
`Title`	Title	Example value
`VisitDuration`	Visit Duration	Example value
`Referrer`	Referrer	Example value
`TypedCount`	Typed Count	123
`IsHidden`	Is Hidden	true
`TransitionType`	Transition Type	Example value
`VisitID`	Visit ID	123
`TransitionQualifiers`	Transition Qualifiers	Example value
`User`	User	Example value
`Profile`	Profile	Example value
`HistoryFilePath`	History File Path	Example value

Collection Method

This collector parses syslog logger configuration, extracting log rotation settings, local storage paths, remote syslog server destinations, log levels, and facility assignments for each configured logging component.

Forensic Value

Syslog configuration analysis reveals logging tampering, identifies disabled or redirected logs, detects unauthorized remote syslog destinations, and exposes gaps in log coverage. Missing or modified syslog settings may indicate anti-forensics techniques used to evade detection and hide malicious activity.