Evidence: Kernel Logs
Description: Collect Kernel Logs
Category: System
Platform: linux
Short Name: kernl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Linux kernel logs (kern.log) contain messages emitted by the Linux kernel, including hardware events, driver messages, kernel errors, system calls, and other low-level system events, together with the kernel-level errors that accompany them.
Data Collected
This collector gathers structured data about kernel logs.
Collection Method
This collector gathers kernel log files from /var/log/kern*, including rotated logs, which contain kernel messages and low-level system events.
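An added example of this collection step (not the collector's own code): it copies every file matching /var/log/kern*, rotated and gzip-compressed generations included, preserves timestamps, verifies each copy by SHA-256 for the evidence manifest, and can replay the messages oldest-first across rotation boundaries. The source and destination directories are assumed parameters.

```python
import glob
import gzip
import hashlib
import os
import re
import shutil


def sha256_file(path):
    """Stream a file through SHA-256 so large rotated logs need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def rotation_index(path):
    """kern.log -> 0, kern.log.1 -> 1, kern.log.2.gz -> 2; a higher index is older."""
    m = re.search(r"\.(\d+)(?:\.gz)?$", os.path.basename(path))
    return int(m.group(1)) if m else 0


def collect_kernel_logs(log_dir="/var/log", dest_dir="./evidence/kernl"):
    """Copy every kern* file in log_dir (assumed paths) into dest_dir, keep its
    timestamps, and return a manifest with size, mtime and SHA-256 per file."""
    os.makedirs(dest_dir, exist_ok=True)
    manifest = []
    for src in sorted(glob.glob(os.path.join(log_dir, "kern*")), key=rotation_index):
        if not os.path.isfile(src):  # skip directories or sockets that match the glob
            continue
        dest = os.path.join(dest_dir, os.path.basename(src))
        shutil.copy2(src, dest)  # copy2 keeps mtime/mode, which are evidence themselves
        digest = sha256_file(src)
        if sha256_file(dest) != digest:  # verify the copy before recording it
            raise IOError(f"hash mismatch while collecting {src}")
        manifest.append({"source": src, "dest": dest, "size": os.path.getsize(src),
                         "mtime": os.path.getmtime(src), "sha256": digest})
    return manifest


def iter_kernel_messages(manifest):
    """Yield collected log lines oldest-first, reading gzip rotations transparently,
    so a timeline of kernel messages is not cut at each rotation boundary."""
    for entry in sorted(manifest, key=lambda e: rotation_index(e["dest"]), reverse=True):
        opener = gzip.open if entry["dest"].endswith(".gz") else open
        with opener(entry["dest"], "rt", encoding="utf-8", errors="replace") as f:
            for line in f:
                yield line.rstrip("\n")
```

Collection normally needs root to read /var/log/kern*; run it from a separate evidence volume so the copies do not land on the filesystem under investigation.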
Forensic Value
Kernel logs are critical for investigating kernel exploits, rootkits, hardware manipulation, driver-level attacks, and system crashes. They provide low-level forensic evidence essential for advanced threat analysis.