syslog

$ target-query <path/to/target> -f syslog

Details

Module	dissect.target.plugins.os.unix.log.messages.MessagesPlugin
Output	records

Module documentation

Unix messages log plugin.

Function documentation

Return contents of /var/log/messages*, /var/log/syslog* and cloud-init logs.

Due to year rollover detection, the log contents could be returned in reversed or mixed chronological order.

The messages log file holds information about a variety of events such as the system error messages, system startups and shutdowns, change in the network configuration, etc. Aims to store valuable, non-debug and non-critical messages. This log should be considered the “general system activity” log.

References:

• https://geek-university.com/linux/var-log-messages-file/

• https://www.geeksforgeeks.org/file-timestamps-mtime-ctime-and-atime-in-linux/

• https://cloudinit.readthedocs.io/en/latest/development/logging.html#logging-command-output