Secure
Overview
Evidence: Secure
Description: Collect Secure Logs
Category: System
Platform: linux
Short Name: secl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
The secure log is the authentication and security log on Red Hat-based systems, the equivalent of auth.log on Debian-based systems. It records authentication attempts, sudo usage, SSH connections, and other security-related events.
Data Collected
This collector gathers the secure log files themselves. The files are collected as-is; their contents are not parsed by this collector.
Collection Method
This collector gathers secure log files from /var/log/secure*, including rotated archives, capturing all authentication and security events on RHEL-based distributions.
Forensic Value
Secure logs are vital for investigating security breaches, failed login attempts, privilege escalation, SSH attacks, and unauthorized access on Red Hat systems, and they are essential evidence for forensic analysis and security auditing.
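As an added example (not part of this collector or its product), the following Python reads /var/log/secure* files the way the Collection Method describes, including gzip-compressed rotations, and summarizes the events the Forensic Value section names: failed SSH logins per source address, accepted logins, and sudo commands. The glob pattern, the regular expressions and the sample log lines are assumptions constructed for this example.

```python
"""Triage of collected RHEL /var/log/secure* files (added example with constructed sample data)."""
import glob, gzip, re
from collections import Counter

# Message formats assumed from OpenSSH and sudo syslog output on RHEL-based systems.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port")
SUDO = re.compile(r"sudo(?:\[\d+\])?:\s+(\S+) : .*?USER=(\S+) ; COMMAND=(.*)$")

def open_log(path):
    """Rotated archives may be plain (secure-20240303) or gzip-compressed (secure-20240303.gz)."""
    if path.endswith(".gz"):
        return gzip.open(path, "rt", errors="replace")
    return open(path, errors="replace")

def iter_secure_lines(pattern="/var/log/secure*"):
    """Yield every line from the live log and all rotated archives matching the glob."""
    for path in sorted(glob.glob(pattern)):
        with open_log(path) as fh:
            yield from fh

def summarize(lines):
    """Count failed SSH logins per source address; list accepted logins and sudo commands."""
    summary = {"failed_by_source": Counter(), "accepted": [], "sudo": []}
    for line in lines:
        line = line.rstrip("\n")
        if m := FAILED.search(line):
            summary["failed_by_source"][m.group(2)] += 1
        elif m := ACCEPTED.search(line):
            summary["accepted"].append((m.group(2), m.group(3), m.group(1)))  # user, source, method
        elif m := SUDO.search(line):
            summary["sudo"].append((m.group(1), m.group(2), m.group(3)))  # invoker, target, command
    return summary

def noisy_sources(summary, threshold=5):
    """Source addresses with at least `threshold` failed logins, busiest first."""
    return [ip for ip, n in summary["failed_by_source"].most_common() if n >= threshold]

# Constructed sample lines in the secure log's syslog format (RFC 5737 documentation addresses).
SAMPLE = """Mar  3 08:12:01 web01 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
Mar  3 08:12:05 web01 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 40031 ssh2
Mar  3 08:13:10 web01 sshd[2231]: Accepted publickey for deploy from 198.51.100.5 port 51022 ssh2
Mar  3 08:14:20 web01 sudo[2250]:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/less /var/log/secure
Mar  3 08:15:00 web01 sshd[2299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 tty=ssh rhost=203.0.113.7 user=root"""

if __name__ == "__main__":
    # Replace SAMPLE.splitlines() with iter_secure_lines() on a host or on the collected files.
    result = summarize(SAMPLE.splitlines())
    print(dict(result["failed_by_source"]), result["accepted"], result["sudo"], sep="\n")
    print("noisy sources:", noisy_sources(result, threshold=2))
```

The pam_unix line in the sample is deliberately left unmatched to show that the three patterns cover only the sshd and sudo message shapes named above; other PAM events in the same file need their own patterns.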