Messages
Overview
Evidence: Messages
Description: Collect Messages Logs
Category: System
Platform: linux
Short Name: msgs
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
The messages log is the primary system log on Red Hat-based distributions (RHEL, CentOS, Fedora). It contains general system messages, informational messages, and non-critical system events from various services and daemons.
Data Collected
This collector gathers the messages log files themselves; the raw files are collected and are not parsed.
Collection Method
This collector gathers messages log files from /var/log/messages*, including rotated archives, which contain system-wide event logs.
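As an added illustration of this collection step (not the collector's own code), the following script copies every /var/log/messages* file, rotated and compressed archives included, into an evidence directory and writes a SHA-256 manifest; the log_dir and out_dir parameters are assumptions so it can be run against a constructed directory rather than a live host.

```python
import hashlib
import json
import shutil
from pathlib import Path


def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large rotated archives are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def collect_messages(log_dir="/var/log", out_dir="evidence/msgs"):
    """Copy every messages* file under log_dir (the live log plus rotated
    and compressed archives) into out_dir and return a manifest of hashes
    and timestamps for chain of custody."""
    src, dst = Path(log_dir), Path(out_dir)
    dst.mkdir(parents=True, exist_ok=True)
    manifest = []
    for path in sorted(src.glob("messages*")):
        # Only regular files are evidence here; directories and symlinks are
        # skipped so a link pointing elsewhere cannot stand in for the log.
        if path.is_symlink() or not path.is_file():
            continue
        digest = sha256_file(path)
        target = dst / path.name
        shutil.copy2(path, target)  # copy2 preserves the source timestamps
        if sha256_file(target) != digest:
            raise RuntimeError(f"copy of {path} does not match source hash")
        st = path.stat()
        manifest.append({
            "source": str(path),
            "copy": str(target),
            "size": st.st_size,
            "mtime": st.st_mtime,
            "sha256": digest,
            # anything other than the live 'messages' file is a rotated archive
            "rotated": path.name != "messages",
        })
    (dst / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


if __name__ == "__main__":
    for entry in collect_messages():
        print(entry["sha256"], entry["source"])
```

Compressed archives (messages.N.gz) are copied untouched so the original artifact is preserved; decompression belongs in analysis, not collection.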
Forensic Value
Messages logs are essential for investigating system activities, service operations, hardware events, and security incidents on Red Hat-based systems. They provide crucial timeline data for forensic investigations.