Syslog Config Info

Overview

Evidence: Syslog Config Info
Description: ESXi Syslog Config Info
Category: System
Platform: esxi
Short Name: syslogcfg
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

ESXi syslog configuration controls how the host logs: where log files are written locally, which remote collectors they are forwarded to and over which transport, and how long they are retained through rotation. On ESXi these settings live in the Syslog.global.* advanced options (for example Syslog.global.logHost and Syslog.global.logDir) and are also read and written through esxcli system syslog config. Logging configuration is a prime target for attackers seeking to cover their tracks: clearing the remote log host, redirecting forwarding to a host they control, or moving the log directory onto non-persistent storage all leave the host running while removing the evidence that reaches legitimate monitoring systems.

Data Collected

This collector gathers structured data about the host's syslog configuration, not the log content itself.

Syslog Config Info Data

The parsed record covers the items described under Collection Method: the configured remote log destination(s), the transport protocol (UDP, TCP or TLS) and port for each destination, certificate settings that govern secure forwarding, the local log directory and its retention (rotation) settings, and any filtering rules that suppress or select messages.

Collection Method

This collector parses syslog daemon configuration files and settings, extracting global log destinations (on ESXi the Syslog.global.logHost value, a comma-separated list of proto://host:port entries, where TLS forwarding is written as ssl://), protocol settings (UDP/TCP/TLS), port numbers, certificate configurations for secure logging, and filtering rules.

Forensic Value

Syslog configuration analysis identifies logging gaps, detects tampering with log forwarding, reveals unauthorized log destinations, and validates that forwarding is protected (TLS transport with certificate checking enabled). Compare the configured destinations against the collectors the environment actually sanctions: an empty remote host, forwarding to an unrecognized address, plaintext UDP or TCP where TLS is expected, or a log directory on non-persistent storage (lost on reboot) are the conditions to look for. Configuration changes or disabled logging indicate potential evidence destruction attempts and should be correlated with other host activity around the time of the change.
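An added example of the parsing and the checks described under Collection Method and Forensic Value. This is illustrative code written for this page, not the collector's own implementation. It assumes the key/value layout printed by esxcli system syslog config get (the field names used below follow that output on ESXi 7 and are an assumption here), and the list of approved collectors is hypothetical. The sample configuration is constructed to show a weakened host and was not captured from a real system.

```python
"""Parse ESXi syslog settings and flag signs of logging gaps or tampering.

Input is the `Key: value` text printed by `esxcli system syslog config get`
(field names assumed from ESXi 7 output). Findings are returned as
(severity, message) pairs so they can be asserted on or rendered elsewhere.
"""
import re
from urllib.parse import urlsplit

# Constructed sample of a weakened host: plaintext forwarding to an unknown
# address, certificate checking off, logs on a non-persistent directory.
SAMPLE_CONFIG = """\
   Check Certificate Revocation: false
   Enforce SSLCertificates: false
   Local Log Output: /tmp/log
   Local Log Output Is Persistent: false
   Log To Unique Subdirectory: false
   Remote Host: udp://10.0.0.99:514,ssl://siem.corp.example:1514
"""

# Hypothetical allowlist of sanctioned log collectors for this environment.
APPROVED_COLLECTORS = {"siem.corp.example", "syslog-b.corp.example"}

# Ports ESXi uses when a loghost entry omits one.
DEFAULT_PORTS = {"udp": 514, "tcp": 514, "ssl": 1514}


def parse_config(text):
    """Turn `Key: value` lines into a dict keyed by ESXi's display names."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([^:]+?):\s*(.*)$", line)
        if m:
            cfg[m.group(1)] = m.group(2).strip()
    return cfg


def parse_loghost(value):
    """Split a Syslog.global.logHost string into (proto, host, port) tuples.

    ESXi accepts a comma-separated list of `proto://host[:port]` entries;
    a bare hostname means udp on 514, and `<none>` means no destination.
    """
    if value.strip().lower() in ("", "<none>"):
        return []
    dests = []
    for entry in filter(None, (e.strip() for e in value.split(","))):
        if "://" not in entry:
            entry = "udp://" + entry
        u = urlsplit(entry)
        proto = u.scheme.lower()
        dests.append((proto, u.hostname, u.port or DEFAULT_PORTS.get(proto)))
    return dests


def audit(text, approved=APPROVED_COLLECTORS):
    """Return a list of (severity, message) findings; empty means nothing suspicious."""
    cfg = parse_config(text)
    findings = []

    dests = parse_loghost(cfg.get("Remote Host", ""))
    if not dests:
        findings.append(("high", "no remote syslog destination: logs exist only on the host"))
    for proto, host, port in dests:
        if host not in approved:
            findings.append(("high", f"unapproved log destination {proto}://{host}:{port}"))
        if proto != "ssl":
            findings.append(("medium", f"{proto}://{host}:{port} forwards logs without TLS"))

    # Maps to Syslog.global.certificate.checkSSLCerts; "false" allows any server cert.
    if cfg.get("Enforce SSLCertificates", "").lower() == "false":
        findings.append(("medium", "remote certificate checking is disabled"))

    # A non-persistent log directory (e.g. ramdisk) loses all local logs on reboot.
    if cfg.get("Local Log Output Is Persistent", "").lower() == "false":
        findings.append(("high", f"local log directory {cfg.get('Local Log Output')} is not persistent"))

    return findings


if __name__ == "__main__":
    for severity, message in audit(SAMPLE_CONFIG):
        print(f"[{severity}] {message}")
```

Run against the constructed sample, the audit reports the unapproved plaintext destination, the missing TLS, the disabled certificate check and the non-persistent log directory; the approved ssl:// collector produces no finding. Swapping in the sanctioned configuration yields an empty finding list, which is the baseline to diff a suspect host against.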
