# Syslog Logger Info

## Overview

**Evidence:** Syslog Logger Info\
**Description:** ESXi Syslog Logger Info\
**Category:** System\
**Platform:** esxi\
**Short Name:** sloggerinfo\
**Is Parsed:** Yes\
**Sent to Investigation Hub:** Yes\
**Collect File(s):** No

## Background

Syslog configuration determines where ESXi logs are stored and forwarded. Proper logging is essential for forensic investigations, and attackers often modify syslog settings to prevent log generation, redirect logs to attacker-controlled servers, or disable remote logging to hide their activities.

## Data Collected

This collector gathers structured data about the ESXi syslog logger configuration.

### Syslog Logger Info Data

| Field                  | Description           | Example                   |
| ---------------------- | --------------------- | ------------------------- |
| `AccessTime`           | Access Time           | 2023-10-15 14:30:25+03:00 |
| `AccessCount`          | Access Count          | 123                       |
| `URL`                  | URL                   | Example value             |
| `Browser`              | Browser               | Example value             |
| `Title`                | Title                 | Example value             |
| `VisitDuration`        | Visit Duration        | Example value             |
| `Referrer`             | Referrer              | Example value             |
| `TypedCount`           | Typed Count           | 123                       |
| `IsHidden`             | Is Hidden             | true                      |
| `TransitionType`       | Transition Type       | Example value             |
| `VisitID`              | Visit ID              | 123                       |
| `TransitionQualifiers` | Transition Qualifiers | Example value             |
| `User`                 | User                  | Example value             |
| `Profile`              | Profile               | Example value             |
| `HistoryFilePath`      | History File Path     | Example value             |

## Collection Method

This collector parses syslog logger configuration, extracting log rotation settings, local storage paths, remote syslog server destinations, log levels, and facility assignments for each configured logging component.

## Forensic Value

Syslog configuration analysis reveals logging tampering, identifies disabled or redirected logs, detects unauthorized remote syslog destinations, and exposes gaps in log coverage. Missing or modified syslog settings may indicate anti-forensics techniques used to evade detection and hide malicious activity.
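The checks described above can be sketched as follows. This is an added example, not the collector's own code: it assumes the configuration is available as `Key: Value` text in the style printed by `esxcli system syslog config get`, and the sample input and the `APPROVED` allowlist are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample in the "Key: Value" style of `esxcli system syslog config get`.
SAMPLE = """\
   Local Log Output: /tmp/log
   Local Log Output Is Persistent: false
   Remote Host: udp://203.0.113.50:514,ssl://loghost.example.internal:1514
"""

# Assumed allowlist of approved log collectors (hypothetical hostname).
APPROVED = {"loghost.example.internal"}

def parse_config(text):
    """Turn 'Key: Value' lines into a dict, splitting on the first ': ' only."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if sep:
            cfg[key] = value.strip()
    return cfg

def remote_hosts(value):
    """Return hostnames from a comma-separated list of proto://host:port targets."""
    hosts = []
    for target in value.split(","):
        target = target.strip()
        if not target or target == "<none>":
            continue
        # Bare "host" or "host:port" entries get a scheme so urlsplit finds the host.
        if "://" not in target:
            target = "udp://" + target
        hosts.append(urlsplit(target).hostname or target)
    return hosts

def audit(cfg, approved):
    """Return findings that point at disabled, volatile or redirected logging."""
    findings = []
    hosts = remote_hosts(cfg.get("Remote Host", ""))
    if not hosts:
        findings.append("no remote syslog destination configured")
    for host in hosts:
        if host not in approved:
            findings.append(f"unapproved remote destination: {host}")
    if cfg.get("Local Log Output Is Persistent", "").lower() == "false":
        findings.append(f"local log directory is not persistent: {cfg.get('Local Log Output')}")
    return findings
```

Comparing the findings across successive collections of the same host shows when a destination was added, removed or changed.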
