Evidence: Messages
Description: Collect Messages Logs
Category: System
Platform: linux
Short Name: msgs
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
The messages log is the primary system log on Red Hat-based distributions (RHEL, CentOS, Fedora). It contains general system messages, informational messages, and non-critical system events from various services and daemons.
Data Collected
This collector gathers data about the system messages log; because the evidence is not parsed (Is Parsed: No), what is collected is the log files themselves, as described under Collection Method.
Collection Method
This collector gathers messages log files from /var/log/messages*, including rotated archives, which contain system-wide event logs.
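As an added example (not code from the tool this page documents), the following Python collector does what the Collection Method describes: it gathers every messages* file in the log directory, rotated .gz archives included, hashes each file before and after copying so the copy can be verified, preserves timestamps, and writes a manifest; a second helper then reads lines across plain and gzip-compressed archives for timeline work. The log directory, destination directory and manifest fields are assumptions.

```python
import glob
import gzip
import hashlib
import json
import os
import shutil
from typing import Dict, Iterator, List


def sha256_of(path: str) -> str:
    """Hash a file exactly as stored (rotated .gz archives are hashed compressed)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def collect_messages_logs(log_dir: str, dest_dir: str) -> List[Dict]:
    """Copy every <log_dir>/messages* file (current log plus rotated archives)
    into dest_dir, keeping timestamps, and return a manifest of what was taken.
    The log_dir/dest_dir layout and the manifest fields are assumptions."""
    os.makedirs(dest_dir, exist_ok=True)
    manifest = []
    for src in sorted(glob.glob(os.path.join(log_dir, "messages*"))):
        if not os.path.isfile(src):  # skip directories and dangling symlinks
            continue
        st = os.stat(src)
        digest = sha256_of(src)  # hash before copying so a corrupted copy is caught
        dst = os.path.join(dest_dir, os.path.basename(src))
        shutil.copy2(src, dst)  # copy2 preserves mtime, which the timeline relies on
        if sha256_of(dst) != digest:
            raise IOError(f"copy of {src} does not match the source hash")
        manifest.append({"source": src, "size": st.st_size, "mtime": st.st_mtime,
                         "sha256": digest, "compressed": src.endswith(".gz")})
    with open(os.path.join(dest_dir, "manifest.json"), "w") as f:
        json.dump(manifest, f, indent=2)
    return manifest


def iter_messages_lines(paths: List[str]) -> Iterator[str]:
    """Yield log lines from the collected files, transparently reading .gz archives."""
    for path in paths:
        opener = gzip.open if path.endswith(".gz") else open
        with opener(path, "rt", errors="replace") as f:
            for line in f:
                yield line.rstrip("\n")
```

Run it against a copy of /var/log rather than the live directory when testing, and keep manifest.json with the collected files so the hashes can be re-checked later.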
Forensic Value
Messages logs are essential for investigating system activities, service operations, hardware events, and security incidents on Red Hat-based systems. They provide crucial timeline data for forensic investigations.