Messages

Overview

Evidence: Messages Description: Collect Messages Logs Category: System Platform: linux Short Name: msgs Is Parsed: No Sent to Investigation Hub: No Collect File(s): Yes

Background

The messages log is the primary system log on Red Hat-based distributions (RHEL, CentOS, Fedora). It contains general system messages, informational messages, and non-critical system events from various services and daemons.

Data Collected

This collector gathers structured data about messages.

Collection Method

This collector gathers messages log files from /var/log/messages*, including rotated archives, which contain system-wide event logs.

Forensic Value

Messages logs are essential for investigating system activities, service operations, hardware events, and security incidents on Red Hat-based systems. They provide crucial timeline data for forensic investigations.