System Logs

Overview

Evidence: System Logs Description: Collect System Logs Category: System Platform: macos Short Name: sysl Is Parsed: No Sent to Investigation Hub: No Collect File(s): Yes

Background

macOS system logs contain critical system events, kernel messages, daemon activities, and system-level diagnostics. These logs are stored in /var/log and provide comprehensive system operation details.

Data Collected

This collector gathers structured data about system logs.

Collection Method

This collector gathers system log files from /var/log/system*, which includes system.log and related system event logs containing kernel and system daemon messages.

Forensic Value

System logs are essential for investigating system-level events, boot activities, kernel panics, daemon operations, and system-wide errors. They provide critical timeline information for incident response and system behavior analysis.