# Syslog Config Info

## Overview

**Evidence:** Syslog Config Info\
**Description:** ESXi Syslog Config Info\
**Category:** System\
**Platform:** esxi\
**Short Name:** syslogcfg\
**Is Parsed:** Yes\
**Sent to Investigation Hub:** Yes\
**Collect File(s):** No

## Background

ESXi syslog configuration controls system logging behavior, including storage locations, remote forwarding, and log retention. Logging configuration is a prime target for attackers seeking to cover their tracks by disabling logging or redirecting logs away from legitimate monitoring systems.

## Data Collected

This collector gathers structured data about the ESXi syslog configuration.

### Syslog Config Info Data

| Field                  | Description           | Example                   |
| ---------------------- | --------------------- | ------------------------- |
| `AccessTime`           | Access Time           | 2023-10-15 14:30:25+03:00 |
| `AccessCount`          | Access Count          | 123                       |
| `URL`                  | URL                   | Example value             |
| `Browser`              | Browser               | Example value             |
| `Title`                | Title                 | Example value             |
| `VisitDuration`        | Visit Duration        | Example value             |
| `Referrer`             | Referrer              | Example value             |
| `TypedCount`           | Typed Count           | 123                       |
| `IsHidden`             | Is Hidden             | true                      |
| `TransitionType`       | Transition Type       | Example value             |
| `VisitID`              | Visit ID              | 123                       |
| `TransitionQualifiers` | Transition Qualifiers | Example value             |
| `User`                 | User                  | Example value             |
| `Profile`              | Profile               | Example value             |
| `HistoryFilePath`      | History File Path     | Example value             |

## Collection Method

This collector parses syslog daemon configuration files and settings, extracting global log destinations, protocol settings (UDP/TCP/TLS), port numbers, certificate configurations for secure logging, and filtering rules.

## Forensic Value

Syslog configuration analysis identifies logging gaps, detects tampering with log forwarding, reveals unauthorized log destinations, and validates log integrity protection mechanisms. Configuration changes or disabled logging indicate potential evidence destruction attempts.
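The checks described above can be run over a host's syslog settings as in the following added example, which is not the collector's own code. It assumes the settings are available as `Key: Value` text in the layout printed by `esxcli system syslog config get`; the key names, the sample values, and the `APPROVED_HOSTS` allow-list are assumptions and are not fields documented on this page.

```python
from urllib.parse import urlsplit

# Constructed sample in the "Key: Value" layout assumed for
# `esxcli system syslog config get` (not real collector output).
SAMPLE = """\
   Local Log Output: /tmp/log
   Local Log Output Is Persistent: false
   Remote Host: udp://198.51.100.7:514,ssl://loghost.example.internal:1514
   Enforce SSLCertificates: false
"""

APPROVED_HOSTS = {"loghost.example.internal"}  # hypothetical allow-list


def parse_config(text):
    """Turn 'Key: Value' lines into a dict, ignoring lines without a value."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if sep:
            cfg[key] = value.strip()
    return cfg


def review(cfg, approved=APPROVED_HOSTS):
    """Return findings about logging gaps and forwarding destinations."""
    findings = []
    remote = cfg.get("Remote Host", "<none>")
    targets = [] if remote in ("", "<none>") else [t.strip() for t in remote.split(",")]
    if not targets:
        findings.append("no remote log host configured")
    for target in targets:
        # Assumption: a destination written without a scheme is sent over UDP.
        url = urlsplit(target if "://" in target else "udp://" + target)
        if url.hostname not in approved:
            findings.append(f"unapproved destination: {url.hostname}")
        if url.scheme != "ssl":
            findings.append(f"cleartext transport ({url.scheme}) to {url.hostname}")
    uses_tls = any(t.startswith("ssl://") for t in targets)
    if uses_tls and cfg.get("Enforce SSLCertificates", "").lower() != "true":
        findings.append("TLS forwarding without certificate enforcement")
    if cfg.get("Local Log Output Is Persistent", "").lower() == "false":
        findings.append("local log directory is not persistent")
    return findings


if __name__ == "__main__":
    for finding in review(parse_config(SAMPLE)):
        print(finding)
```

Comparing the findings from two collections of the same host shows when a destination was added, removed, or downgraded from TLS.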
