Syslog Logger Info

Overview

Evidence: Syslog Logger Info
Description: ESXi Syslog Logger Info
Category: System
Platform: esxi
Short Name: sloggerinfo
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

The syslog configuration determines where ESXi writes its logs locally (and whether that location is persistent across reboots) and which remote syslog server, if any, receives a copy. Reliable logging is a precondition for any forensic investigation of a host, and attackers who gain ESXi access often modify these settings to stop log generation, redirect logs to a server they control, or disable remote forwarding so that their activity never leaves the compromised host.

Data Collected

This collector gathers structured data about syslog logger info.

Syslog Logger Info Data

Note: the field list below is reproduced as this page presents it. The fields (URL, Browser, VisitID, HistoryFilePath and so on) describe browser-history visit records rather than the syslog settings named under Collection Method, so treat this table as a template placeholder until it is corrected.

| Field | Description | Example |
| --- | --- | --- |
| AccessTime | Access Time | 2023-10-15 14:30:25+03:00 |
| AccessCount | Access Count | 123 |
| URL | URL | Example value |
| Browser | Browser | Example value |
| Title | Title | Example value |
| VisitDuration | Visit Duration | Example value |
| Referrer | Referrer | Example value |
| TypedCount | Typed Count | 123 |
| IsHidden | Is Hidden | true |
| TransitionType | Transition Type | Example value |
| VisitID | Visit ID | 123 |
| TransitionQualifiers | Transition Qualifiers | Example value |
| User | User | Example value |
| Profile | Profile | Example value |
| HistoryFilePath | History File Path | Example value |

Collection Method

This collector parses syslog logger configuration, extracting log rotation settings, local storage paths, remote syslog server destinations, log levels, and facility assignments for each configured logging component.

Forensic Value

Comparing the collected syslog configuration against a known-good baseline reveals logging tampering: loggers that have been disabled or redirected, remote syslog destinations that are not the organisation's collectors, local log output moved to non-persistent storage, and gaps in coverage for specific components. Missing or modified syslog settings are a common anti-forensics technique and, on their own, justify treating the host as suspect and pulling its remaining logs from the remote collector rather than trusting the local copies.
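The two passages above (the settings the collector extracts, and the tampering indicators an analyst looks for in them) can be turned into a small audit. The following is an added example, not code from this page or from the collector it documents. It parses the "Key: Value" blocks that `esxcli system syslog config get` and `esxcli system syslog config logger list` print on ESXi, then flags settings that contradict an assumed baseline. The sample output, the expected remote syslog server, the expected local log root and the "rotation set to 0 means suppressed" heuristic are all constructed for the example.

```python
"""Audit ESXi syslog settings for signs of tampering.

Input shape follows the 'Key: Value' blocks printed by
`esxcli system syslog config get` (global settings) and
`esxcli system syslog config logger list` (one block per logger).
All sample text and baseline values below are constructed for this example.
"""
from typing import Dict, List

# Constructed sample in the shape of `esxcli system syslog config get`
SAMPLE_GLOBAL = """\
   Local Log Output: /tmp/log
   Local Log Output Is Persistent: false
   Local Logging Default Rotation Size: 0
   Local Logging Default Rotations: 8
   Remote Host: udp://203.0.113.50:514
"""

# Constructed sample in the shape of `esxcli system syslog config logger list`
SAMPLE_LOGGERS = """\
   Description: Host management service logs
   Destination: /scratch/log/hostd.log
   ID: hostd
   Rotation Size: 1024
   Rotations: 10

   Description: Shell command history
   Destination: /dev/null
   ID: shell
   Rotation Size: 1024
   Rotations: 0
"""

# Assumed baseline for the example: the only collector logs should go to,
# and the directory local logs are expected to live under.
EXPECTED_REMOTE_HOSTS = {"udp://syslog.corp.example:514"}
EXPECTED_LOG_ROOT = "/scratch/log"


def parse_kv_blocks(text: str) -> List[Dict[str, str]]:
    """Split esxcli output into dicts, one per blank-line-separated block.

    Splitting on the first ':' keeps values such as 'udp://host:514' intact.
    """
    blocks: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            if current:
                blocks.append(current)
                current = {}
            continue
        key, sep, value = line.partition(":")
        if sep:
            current[key.strip()] = value.strip()
    if current:
        blocks.append(current)
    return blocks


def audit_global(cfg: Dict[str, str]) -> List[str]:
    """Check the host-wide settings: remote forwarding, local path, persistence, rotation."""
    findings: List[str] = []
    remote = cfg.get("Remote Host", "<none>")  # esxcli prints '<none>' when unset
    if remote == "<none>":
        findings.append("remote logging disabled")
    elif remote not in EXPECTED_REMOTE_HOSTS:
        findings.append(f"unexpected remote syslog destination: {remote}")
    out = cfg.get("Local Log Output", "")
    if not out.startswith(EXPECTED_LOG_ROOT):
        findings.append(f"local log output moved to {out}")
    if cfg.get("Local Log Output Is Persistent", "true").lower() == "false":
        findings.append("local log output is not on persistent storage")
    if cfg.get("Local Logging Default Rotation Size") == "0":
        findings.append("default rotation size is 0 (logging effectively suppressed)")
    return findings


def audit_loggers(loggers: List[Dict[str, str]]) -> List[str]:
    """Check each per-component logger for a redirected destination or disabled rotation."""
    findings: List[str] = []
    for lg in loggers:
        lid = lg.get("ID", "?")
        dest = lg.get("Destination", "")
        if dest == "/dev/null" or (dest and not dest.startswith(EXPECTED_LOG_ROOT)):
            findings.append(f"logger {lid} writes to {dest}")
        if lg.get("Rotations") == "0" or lg.get("Rotation Size") == "0":
            findings.append(f"logger {lid} has rotation disabled")
    return findings


def audit(global_text: str, loggers_text: str) -> List[str]:
    """Run both audits over raw esxcli output and return all findings."""
    blocks = parse_kv_blocks(global_text)
    cfg = blocks[0] if blocks else {}
    return audit_global(cfg) + audit_loggers(parse_kv_blocks(loggers_text))


if __name__ == "__main__":
    for finding in audit(SAMPLE_GLOBAL, SAMPLE_LOGGERS):
        print("FINDING:", finding)
```

Run against the constructed sample, the audit reports an unexpected remote destination, a non-persistent local log path under /tmp, a zero default rotation size, and a "shell" logger pointed at /dev/null with rotation off, while the untouched hostd logger produces nothing. On a real host the baseline values come from your own build standard, and every finding should be cross-checked against the remote collector's copy of the logs, which the attacker could not edit.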
