Kernel Logs
Overview
Evidence: Kernel Logs
Description: Collect Kernel Logs
Category: System
Platform: linux
Short Name: kernl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Linux kernel logs (kern.log) contain messages emitted by the Linux kernel, including hardware events, driver messages, kernel errors, system calls, and low-level system events. These logs capture kernel-level activities and errors.
Data Collected
This collector gathers structured data about kernel logs.
Collection Method
This collector gathers kernel log files from /var/log/kern*, including rotated logs, which contain kernel messages and low-level system events.
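The collection step described above, written out as an added example (not the product's own collector code): it globs kern* in a log directory, copies each match with its timestamps preserved, and records size, mtime and a SHA-256 per file in a manifest, hashing the copy as well so any mismatch is visible. The sample /var/log tree it builds is constructed for the demo and stands in for a real host.

```python
"""Added example: gather /var/log/kern* (live and rotated, plain or gzipped)
into an evidence directory with a SHA-256 manifest. Not the product's own code."""
import glob
import gzip
import hashlib
import json
import os
import shutil
import tempfile


def sha256_file(path: str) -> str:
    """Hash in chunks so a large rotated log never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def collect_kernel_logs(log_dir: str, dest_dir: str) -> list:
    """Copy every regular file matching kern* from log_dir into dest_dir,
    keeping timestamps, and return one manifest entry per file.
    The hash is taken before and after the copy so a mismatch is visible."""
    os.makedirs(dest_dir, exist_ok=True)
    manifest = []
    for src in sorted(glob.glob(os.path.join(log_dir, "kern*"))):
        if not os.path.isfile(src):
            continue  # skip directories or sockets that happen to match
        dst = os.path.join(dest_dir, os.path.basename(src))
        shutil.copy2(src, dst)  # copy2 preserves mtime, which the timeline needs
        st = os.stat(src)
        manifest.append({
            "source": src,
            "size": st.st_size,
            "mtime": st.st_mtime,
            "sha256": sha256_file(src),
            "copy_sha256": sha256_file(dst),
        })
    with open(os.path.join(dest_dir, "manifest.json"), "w") as fh:
        json.dump(manifest, fh, indent=2)
    return manifest


def build_sample_log_dir() -> str:
    """Constructed stand-in for /var/log with the file names logrotate produces."""
    d = tempfile.mkdtemp(prefix="fake_var_log_")
    line = "Mar  3 10:12:01 host kernel: [  123.456] e1000e: eth0 NIC Link is Up\n"
    with open(os.path.join(d, "kern.log"), "w") as fh:
        fh.write(line)
    with open(os.path.join(d, "kern.log.1"), "w") as fh:
        fh.write(line * 2)
    with gzip.open(os.path.join(d, "kern.log.2.gz"), "wt") as fh:
        fh.write(line * 3)
    with open(os.path.join(d, "syslog"), "w") as fh:  # must NOT be collected
        fh.write(line)
    return d


def demo_collect() -> list:
    """Run the collector against the constructed tree and return its manifest."""
    return collect_kernel_logs(build_sample_log_dir(),
                               tempfile.mkdtemp(prefix="evidence_"))


if __name__ == "__main__":
    for e in demo_collect():
        print(e["sha256"][:16], e["size"], e["source"])
```

The glob deliberately matches only the kern* names, so the sibling syslog file is left behind; the rotated .gz file is copied as-is rather than decompressed, so its recorded hash is that of the artifact actually on disk.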
Forensic Value
Kernel logs are critical for investigating kernel exploits, rootkits, hardware manipulation, driver-level attacks, and system crashes. They provide low-level forensic evidence essential for advanced threat analysis.
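Since this collector only gathers the files (Is Parsed: No), the triage happens afterwards. The following added example, not part of the page or the product, shows a first pass over kern.log lines that surfaces the event classes the paragraph above names: module loads that taint the kernel, crash signatures, process segfaults, OOM kills and new USB devices. The log lines, hostname, process ids and USB identifiers are constructed placeholders, and the regexes are illustrative rather than an exhaustive signature set.

```python
"""Added example: scan kernel log lines (plain or rotated .gz) for events an
investigator would want to see first. Patterns and sample lines are constructed
illustrations, not the product's parser."""
import gzip
import re
import tempfile

# One pattern per event class that the Forensic Value section calls out.
PATTERNS = {
    "module_taint": re.compile(r"module verification failed|taints kernel|Unknown symbol"),
    "kernel_crash": re.compile(r"\bOops\b|BUG:|general protection fault|Kernel panic"),
    "segfault": re.compile(r"segfault at [0-9a-f]+"),
    "oom_kill": re.compile(r"Out of memory|oom-kill"),
    "usb_device": re.compile(r"usb [\d.-]+: New USB device found"),
}

# kern.log uses the syslog layout: timestamp host "kernel:" [uptime] message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?:\[\s*[\d.]+\] )?(?P<msg>.*)$"
)

# Constructed sample log; hostname, pids and USB ids are placeholders.
SAMPLE = """\
Mar  3 10:12:01 host kernel: [  123.456] usb 1-1: New USB device found, idVendor=0000, idProduct=0000
Mar  3 10:12:05 host kernel: [  127.001] example_mod: module verification failed: signature and/or required key missing - tainting kernel
Mar  3 10:13:10 host kernel: [  192.220] sshd[1234]: segfault at 0 ip 00007f0000001000 sp 00007ffc00000000 error 4 in libc.so.6
Mar  3 10:14:00 host kernel: [  242.000] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
Mar  3 10:15:00 host kernel: [  302.000] Out of memory: Killed process 2222 (python3) total-vm:1000kB
Mar  3 10:16:00 host kernel: [  362.000] e1000e: eth0 NIC Link is Up 1000 Mbps Full Duplex
Mar  3 10:16:01 host rsyslogd: [origin software="rsyslogd"] start
"""


def triage_lines(lines):
    """Return (category, timestamp, message) for each kernel line that matches."""
    hits = []
    for raw in lines:
        m = LINE_RE.match(raw.rstrip("\n"))
        if not m:
            continue  # not a kernel line; left for the full log review
        msg = m.group("msg")
        for category, pat in PATTERNS.items():
            if pat.search(msg):
                hits.append((category, m.group("ts"), msg))
                break
    return hits


def triage_file(path):
    """Open rotated .gz logs transparently so kern.log.2.gz is reviewed too."""
    opener = gzip.open if path.endswith(".gz") else open
    with opener(path, "rt", errors="replace") as fh:
        return triage_lines(fh)


def demo_rotated():
    """Write the constructed sample as a rotated .gz log and triage it."""
    with tempfile.NamedTemporaryFile(suffix="-kern.log.2.gz", delete=False) as tmp:
        path = tmp.name
    with gzip.open(path, "wt") as fh:
        fh.write(SAMPLE)
    return triage_file(path)


if __name__ == "__main__":
    for category, ts, msg in demo_rotated():
        print(f"{ts}  {category:13s} {msg}")
```

The link-state line and the rsyslogd line are skipped on purpose: the first matches no pattern and the second is not a kernel message at all, so the output is only the handful of lines worth reading first, each with its timestamp for the case timeline.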