Kernel Logs

Overview

Evidence: Kernel Logs
Description: Collect Kernel Logs
Category: System
Platform: linux
Short Name: kernl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes

Background

Linux kernel logs (kern.log) contain messages from the Linux kernel including hardware events, driver messages, kernel errors, system calls, and low-level system events. These logs capture kernel-level activities and errors.

Data Collected

This collector gathers the kernel log files themselves; the logs are collected as files and are not parsed.

Collection Method

This collector gathers kernel log files from /var/log/kern*, including rotated logs, which contain kernel messages and low-level system events.
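The following is an added example, not the collector's own code, showing one way to preserve /var/log/kern* together with its rotated generations: it orders the files oldest first so the lines read chronologically, decompresses .gz rotations transparently, and records a SHA-256 of each file as stored. It assumes logrotate-style names (kern.log, kern.log.1, kern.log.2.gz) and the sample log lines are constructed.

```python
# Added example, not the collector's own code: preserve /var/log/kern* including rotated
# logs. Assumes logrotate naming kern.log, kern.log.1, kern.log.2.gz (higher number = older).
import glob, gzip, hashlib, os, re, tempfile

ROTATION_RE = re.compile(r"^kern(?:\.log)?(?:\.(\d+))?(?:\.gz)?$")

def rotation_index(path):
    """Rotation number of a kern log (0 for the live file); None for other kern* names."""
    m = ROTATION_RE.match(os.path.basename(path))
    return None if m is None else int(m.group(1) or 0)

def find_kernel_logs(log_dir="/var/log"):
    """kern* files ordered oldest first, so their lines concatenate chronologically."""
    paths = [p for p in glob.glob(os.path.join(log_dir, "kern*"))
             if os.path.isfile(p) and rotation_index(p) is not None]
    return sorted(paths, key=rotation_index, reverse=True)

def read_log_lines(path):
    """Yield lines, transparently decompressing rotated .gz logs."""
    opener = gzip.open if path.endswith(".gz") else open
    with opener(path, "rt", encoding="utf-8", errors="replace") as fh:
        for line in fh:
            yield line.rstrip("\n")

def collect(log_dir="/var/log"):
    """Return (manifest, lines): per-file sha256 and line count, plus all lines oldest first."""
    manifest, lines = {}, []
    for path in find_kernel_logs(log_dir):
        with open(path, "rb") as fh:  # hash the file exactly as stored (compressed bytes for .gz)
            digest = hashlib.sha256(fh.read()).hexdigest()
        file_lines = list(read_log_lines(path))
        manifest[path] = {"sha256": digest, "lines": len(file_lines)}
        lines.extend(file_lines)
    return manifest, lines

def write_sample_logs(log_dir):
    """Write a constructed sample (demo input only): live log plus two rotated generations."""
    sample = {"kern.log": "Jan  2 10:00:00 host kernel: usb 1-1: new high-speed USB device\n",
              "kern.log.1": "Jan  1 09:00:00 host kernel: e1000e: link is up\n",
              "kern.log.2.gz": "Dec 31 08:00:00 host kernel: Linux version 6.x (constructed)\n"}
    for name, text in sample.items():
        opener = gzip.open if name.endswith(".gz") else open
        with opener(os.path.join(log_dir, name), "wt") as f:
            f.write(text)

if __name__ == "__main__":
    demo_dir = tempfile.mkdtemp()
    write_sample_logs(demo_dir)
    print(collect(demo_dir))
```

Hashing the stored bytes rather than the decompressed text lets the manifest be checked against the original files later without re-deriving anything.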

Forensic Value

Kernel logs are critical for investigating kernel exploits, rootkits, hardware manipulation, driver-level attacks, and system crashes. They provide low-level forensic evidence essential for advanced threat analysis.
