Apple System Logs (ASL)

Overview

Evidence: Apple System Logs (ASL)
Description: Collect Apple System Logs (ASL)
Category: System
Platform: macos
Short Name: asl
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

Apple System Logs (ASL) provide historical system and application log entries prior to Unified Logging. This data is essential for legacy system investigations and timeline reconstruction.

Data Collected

This collector gathers structured data from Apple System Logs (ASL).

Apple System Logs (ASL) Data

Field     Description                                        Example
PID       Process ID of the process that wrote the entry     123
Sender    Name of the process that wrote the entry           Example value
Facility  Syslog facility the entry was logged under         Example value
Message   Text of the log message                            Example value
Level     Syslog severity level of the entry                 Example value
Time      Timestamp of the entry                             2023-10-15 14:30:25+03:00

Collection Method

This collector copies the /private/var/log/asl/*.asl files, converts them to XML with syslog -f -F xml, and records the parsed entries into asl.
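Normalising the XML produced by that conversion into the six fields of the table above, as an added example that is not part of the collector's own code. It assumes the plist layout syslog -F xml emits (an array of dict records keyed by the ASL keys), and the two sample records are constructed here; the Level-to-severity-name mapping follows syslog(3).

```python
"""Normalise `syslog -f <file> -F xml` output into the ASL evidence fields.
Added example, not the collector's own code; the plist layout and the sample
records below are constructed for illustration."""
import plistlib

# syslog(3) severity numbers as stored in the ASL "Level" key.
LEVEL_NAMES = {"0": "Emergency", "1": "Alert", "2": "Critical", "3": "Error",
               "4": "Warning", "5": "Notice", "6": "Info", "7": "Debug"}

# Constructed sample in the plist shape assumed for `syslog -F xml` (array of dicts).
SAMPLE_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><array>
<dict>
<key>Time</key><string>2023-10-15 14:30:25+03:00</string>
<key>Sender</key><string>loginwindow</string>
<key>PID</key><string>123</string>
<key>Facility</key><string>com.apple.loginwindow</string>
<key>Level</key><string>5</string>
<key>Message</key><string>Login Window Application Started</string>
</dict>
<dict>
<key>Time</key><string>2023-10-15 14:31:02+03:00</string>
<key>Sender</key><string>sshd</string>
<key>PID</key><string>456</string>
<key>Facility</key><string>auth</string>
<key>Level</key><string>3</string>
<key>Message</key><string>error: PAM: authentication error for root from 10.0.0.5</string>
</dict>
</array></plist>
"""

FIELDS = ("PID", "Sender", "Facility", "Message", "Level", "Time")

def parse_asl_xml(data: bytes) -> list[dict]:
    """Return one record per ASL entry carrying the collector's six fields."""
    rows = []
    for rec in plistlib.loads(data):
        row = {f: str(rec.get(f, "")) for f in FIELDS}
        row["PID"] = int(row["PID"]) if row["PID"].isdigit() else None
        # ASL stores Level as a syslog severity number; name it for analysts.
        row["Level"] = LEVEL_NAMES.get(row["Level"], row["Level"])
        rows.append(row)
    return rows

def auth_failures(rows: list[dict]) -> list[dict]:
    """Triage view: Error-or-worse entries logged under the auth facility."""
    severe = {"Emergency", "Alert", "Critical", "Error"}
    return [r for r in rows if r["Level"] in severe and r["Facility"] == "auth"]
```

Feeding the real conversion output to parse_asl_xml in place of SAMPLE_XML yields the same record shape, so the auth_failures view can be run directly over a collected host's ASL history.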

Forensic Value

This evidence is crucial for forensic investigations as it can reveal authentication events, errors, and system activities captured by ASL.
