Linux Forensics
The Linux OS writes events, errors, warnings and similar activity to log files; these files are then ingested into a SIEM for continuous monitoring. Some of the common locations where Linux stores logs are:
/var/log/httpd: Contains HTTP request/response and error logs.
/var/log/cron: Events related to cron jobs are stored in this location.
/var/log/auth.log and /var/log/secure: Stores authentication-related logs.
/var/log/kern: This file stores kernel-related events.
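As an added example (not part of the original page), a small Python parser over constructed /var/log/auth.log-style lines: it tallies failed SSH logins per source address, records accepted logins and sudo use, and flags sources that exceed a failure threshold. The hostnames, addresses, fingerprint and threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the syslog layout used by /var/log/auth.log (Debian/Ubuntu)
# and /var/log/secure (RHEL). Host names, addresses and fingerprint are made up.
SAMPLE_AUTH_LOG = """\
Mar 10 08:01:12 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 08:01:15 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 08:01:19 web01 sshd[2235]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar 10 08:02:03 web01 sshd[2240]: Accepted publickey for deploy from 198.51.100.4 port 40112 ssh2: RSA SHA256:constructedfp
Mar 10 08:02:40 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/systemctl restart nginx
Mar 10 08:03:01 web01 sshd[2250]: Failed password for root from 203.0.113.7 port 51044 ssh2
"""

# Patterns for the three sshd/sudo message shapes an analyst usually triages first.
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port")
SUDO_RE = re.compile(r"sudo:\s+(\S+) : .*USER=(\S+) ; COMMAND=(.+)$")


def parse_auth_log(text):
    """Return failed-login counts per source IP, accepted logins and sudo invocations."""
    failed = Counter()
    accepted = []  # (user, source_ip, auth_method)
    sudo = []      # (invoking_user, target_user, command)
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failed[m.group(2)] += 1
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            accepted.append((m.group(2), m.group(3), m.group(1)))
            continue
        m = SUDO_RE.search(line)
        if m:
            sudo.append((m.group(1), m.group(2), m.group(3).strip()))
    return {"failed": failed, "accepted": accepted, "sudo": sudo}


def brute_force_sources(summary, threshold=3):
    """Source IPs with at least `threshold` failed logins (threshold is an assumed tuning value)."""
    return sorted(ip for ip, n in summary["failed"].items() if n >= threshold)


if __name__ == "__main__":
    summary = parse_auth_log(SAMPLE_AUTH_LOG)
    print("failed logins per source:", dict(summary["failed"]))
    print("accepted logins:", summary["accepted"])
    print("sudo use:", summary["sudo"])
    print("sources over threshold:", brute_force_sources(summary))
```

On a real host, replace SAMPLE_AUTH_LOG with the contents of /var/log/auth.log or /var/log/secure; the same functions apply unchanged.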