Secure
Overview
Evidence: Secure
Description: Collect Secure Logs
Category: System
Platform: linux
Short Name: secl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
The secure log is the authentication and security log on Red Hat-based systems, equivalent to auth.log on Debian systems. It records authentication attempts, sudo usage, SSH connections, and security-related events.
Data Collected
This collector gathers the secure log files themselves (the live log and its rotated archives) as raw files; their entries are not parsed by the collector.
Collection Method
This collector gathers secure log files from /var/log/secure*, including rotated archives, capturing all authentication and security events on RHEL-based distributions.
Forensic Value
Secure logs are vital for investigating security breaches, failed login attempts, privilege escalation, SSH attacks, and unauthorized access on Red Hat systems. They are essential for forensic analysis and security auditing.
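As an added illustration of how the collected files are typically reviewed (example code written for this page, not part of the collector), the script below reads the live and rotated secure logs, including gzip-compressed archives, and summarises failed SSH logins per source address, accepted logins, and sudo usage. The sample log lines are constructed in the standard /var/log/secure format; the `fail_threshold` value is an arbitrary triage setting, not anything the collector defines.

```python
import glob
import gzip
import re
from collections import Counter

# Constructed sample lines in /var/log/secure format (not taken from any real host).
SAMPLE_SECURE_LOG = """\
Mar  4 08:12:01 host1 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  4 08:12:03 host1 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Mar  4 08:12:05 host1 sshd[2240]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  4 08:15:10 host1 sshd[2290]: Accepted publickey for alice from 192.0.2.10 port 40012 ssh2: RSA SHA256:abc
Mar  4 08:15:30 host1 sudo:   alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/less /var/log/secure
Mar  4 08:16:00 host1 sshd[2300]: Failed password for bob from 198.51.100.5 port 22000 ssh2
"""

FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port")
SUDO_RE = re.compile(r"sudo:\s+(\S+) : .*?USER=(\S+) ; COMMAND=(.*)$")


def read_secure_files(pattern="/var/log/secure*"):
    """Yield lines from the live log and its rotated archives (plain or gzip)."""
    for path in sorted(glob.glob(pattern)):
        opener = gzip.open if path.endswith(".gz") else open
        with opener(path, "rt", errors="replace") as fh:
            yield from fh


def summarize_secure_log(lines, fail_threshold=3):
    """Count failed SSH logins per source, list accepted logins and sudo commands."""
    failed_by_ip = Counter()
    accepted, sudo_cmds = [], []
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            failed_by_ip[m.group(2)] += 1          # source address of the failure
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            accepted.append((m.group(2), m.group(3), m.group(1)))  # user, source, method
            continue
        m = SUDO_RE.search(line)
        if m:
            sudo_cmds.append((m.group(1), m.group(2), m.group(3)))  # who, as whom, command
    # Sources at or above the threshold are flagged for closer review, not judged malicious.
    flagged = sorted(ip for ip, n in failed_by_ip.items() if n >= fail_threshold)
    return {"failed_by_ip": dict(failed_by_ip), "flagged_sources": flagged,
            "accepted": accepted, "sudo": sudo_cmds}


if __name__ == "__main__":
    print(summarize_secure_log(SAMPLE_SECURE_LOG.splitlines()))
```

On a collected image, replace the sample with `read_secure_files("<path to collected secure* files>")`.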