System Logs
Overview
Evidence: System Logs
Description: Collect System Logs
Category: System
Platform: linux
Short Name: sysl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Linux syslog contains comprehensive system-wide logs including application messages, system events, and daemon activities. It is the primary logging facility on Debian-based systems (Ubuntu, Debian) and captures all non-kernel system messages.
Data Collected
This collector gathers structured data about system logs.
Collection Method
This collector gathers syslog files from /var/log/syslog*, including rotated logs, which contain timestamped system events and application messages.
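As an added example (not this collector's own code), the following Python routine does what the collection method above describes: it gathers every /var/log/syslog* file, including gzip-compressed rotations, preserves file timestamps with copy2, and records a SHA-256 manifest so the collected copies can later be verified. The directory layout and log lines in demo() are constructed sample data.

```python
import glob
import gzip
import hashlib
import json
import os
import shutil
import tempfile


def collect_syslog(log_dir, out_dir, pattern="syslog*"):
    """Copy each file matching <log_dir>/syslog* (live and rotated,
    gzip rotations included) into out_dir and return a manifest with
    source path, size and SHA-256 for integrity verification."""
    os.makedirs(out_dir, exist_ok=True)
    manifest = []
    for src in sorted(glob.glob(os.path.join(log_dir, pattern))):
        if not os.path.isfile(src):
            continue  # skip directories, sockets and dangling symlinks
        dst = os.path.join(out_dir, os.path.basename(src))
        shutil.copy2(src, dst)  # copy2 keeps mtime for later timelining
        digest = hashlib.sha256()
        with open(dst, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        manifest.append({
            "source": src,
            "size": os.path.getsize(dst),
            "sha256": digest.hexdigest(),
            "compressed": src.endswith(".gz"),
        })
    with open(os.path.join(out_dir, "manifest.json"), "w") as fh:
        json.dump(manifest, fh, indent=2)
    return manifest


def demo():
    """Build a constructed /var/log look-alike in a temp dir, collect it."""
    root = tempfile.mkdtemp()
    log_dir = os.path.join(root, "var", "log")
    os.makedirs(log_dir)
    # Constructed entries in traditional syslog format, not real host data.
    live = "Jan 10 09:12:01 host1 sshd[1200]: Accepted publickey for alice\n"
    rotated = "Jan 09 23:59:58 host1 cron[900]: (root) CMD (run-parts)\n"
    with open(os.path.join(log_dir, "syslog"), "w") as fh:
        fh.write(live)
    with open(os.path.join(log_dir, "syslog.1"), "w") as fh:
        fh.write(rotated)
    with gzip.open(os.path.join(log_dir, "syslog.2.gz"), "wt") as fh:
        fh.write(rotated)
    with open(os.path.join(log_dir, "kern.log"), "w") as fh:
        fh.write("outside the syslog* pattern, so not collected\n")
    return collect_syslog(log_dir, os.path.join(root, "out"))
```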
Forensic Value
Syslog is critical for investigating system events, application activities, service failures, and security incidents. It provides a comprehensive timeline of system operations essential for incident response and forensic analysis.