System Logs
Overview
Evidence: System Logs
Description: Collect System Logs
Category: System
Platform: macos
Short Name: sysl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
macOS system logs contain critical system events, kernel messages, daemon activities, and system-level diagnostics. These logs are stored in /var/log and provide comprehensive system operation details.
Data Collected
This collector gathers structured data about system logs.
Collection Method
This collector gathers system log files from /var/log/system*, which includes system.log and related system event logs containing kernel and system daemon messages.
Forensic Value
System logs are essential for investigating system-level events, boot activities, kernel panics, daemon operations, and system-wide errors. They provide critical timeline information for incident response and system behavior analysis.
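Because the collector ships the /var/log/system* files unparsed, the analyst still has to turn them into the timeline described above. The following is an added example, not part of this page or the collector, showing how the collected files (including gzip-rotated copies matched by the same glob) can be parsed into one chronological list. It assumes the classic BSD syslog line layout written by macOS syslogd; the sample lines, host name and year are constructed.

```python
import glob
import gzip
import re
from datetime import datetime

# Assumed BSD syslog layout of a system.log line: "Mon DD HH:MM:SS host proc[pid] (label): message".
# The timestamp carries no year, so the caller supplies it (e.g. from the file's mtime).
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?(?: \([^)]*\))?: (?P<msg>.*)$"
)

def parse_line(line, year, source="-"):
    """Return one structured record, or None for repeat markers / continuation lines."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "proc": m["proc"], "src": source,
            "pid": int(m["pid"]) if m["pid"] else None, "msg": m["msg"].strip()}

def timeline(bodies, year):
    """Merge (source, text) bodies such as system.log plus rotated system.log.0.gz into one
    chronological list; returns (records, unparsed_count) so dropped lines stay visible."""
    merged, unparsed = [], 0
    for source, text in bodies:
        for line in filter(str.strip, text.splitlines()):
            rec = parse_line(line, year, source)
            if rec is None:
                unparsed += 1
            else:
                merged.append(rec)
    return sorted(merged, key=lambda r: r["ts"]), unparsed

def load_system_logs(year, log_dir="/var/log"):
    """Read every system* file under log_dir (gzip-aware), from a live host or a mounted collection."""
    bodies = []
    for path in sorted(glob.glob(f"{log_dir}/system*")):
        opener = gzip.open if path.endswith(".gz") else open
        with opener(path, "rt", errors="replace") as fh:
            bodies.append((path, fh.read()))
    return timeline(bodies, year)

# Constructed sample bodies (not real log data); the rotated file holds the older line.
ROTATED = "Mar  3 09:13:59 mac-lab sudo[480]:  analyst : TTY=ttys000 ; USER=root ; COMMAND=/bin/launchctl list\n"
CURRENT = ("Mar  3 09:14:02 mac-lab kernel[0]: AppleKeyStore: operation failed (pid: 381 sel: 25 ret: e00002c2)\n"
           "Mar  3 09:14:05 mac-lab com.apple.xpc.launchd[1] (com.example.agent[512]): Service exited with abnormal code: 1\n"
           "--- last message repeated 1 time ---\n")
SAMPLE_TIMELINE, SAMPLE_UNPARSED = timeline([("system.log", CURRENT), ("system.log.0.gz", ROTATED)], 2024)
```

Rotated files hold the older events, so the merged list must be sorted rather than concatenated in file order; the unparsed count flags repeat markers and multi-line messages that the regex deliberately skips.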