What is the type of the service of the "syslog.service"?

tried reinstalling it?

I found this other alternative to access the service type of “syslog.service”, but it doesn’t work.
sudo nano /lib/systemd/system/rsyslog.service

1 Like

it worked well for me. Intresting approach.

1 Like

Actually if it works.

The answer is “notify”

2 Likes

Yes it is, although people probably got it by reading this far. No offense

LOL, put me in jail for that MMG

Its not installed on my Kali by default either.

did it work when you installed it?

Yes, I was able to do a few things on the academy side. I will say I am not having any issues at all today. So maybe I was just trying to use it during a heavy server load?

I will let you know if I have further issues with it and document it a bit better because I really did have to start and restart the target machine multiple times and only able to enter 1 or 2 commands before it timed out.

Thank you for looking into it.

I forgot to mention that rsyslog doesn’t come preinstalled on kalis default image.
The server load was never problem with me, idk it could be that Europe isn’t really as active as for example the US.
If you have any problems ask and we will be glad to help!

Thanks for your help @marek33366

I had already tried around for quite a while and came to no satisfactory result. Very annoying since this seemed to be an easy one…
In the end it was actually super easy thanks to your command. For me it worked in every proposed way either on my pwnbox or on my local Parrot OS. I tried different methods and each delivered the desired result! :slight_smile:
Under the bottom line I would say that the initial command is the most elegant way since the input is straight-forward and the output is on point:

systemctl show syslog.service -p Type

Thanks as well to @Europol1. That approach was actually my idea as well but I wasn’t able to locate the corresponding service in order to examine the file… two birds with one stone I would say.

BR, Harry

Let me begin to say thank you @marek33366 for your help. I too was struggling with this seemingly easy question.
I used a fresh HTB Parrot VM and tried several things. One of the things I inspected was syslog.socket. There I saw some examples of syslog.service linking to rsyslog.service.

┌─[✗]─[user@parrot]─[~]
└──╼ $sudo find / -type f -name syslog.socket -exec ls -la {} \; 2>/dev/null
-rw-r--r-- 1 root root 1415 Jan 26 08:12 /run/live/rootfs/filesystem.squashfs/usr/lib/systemd/system/syslog.socket
-rw-r--r-- 1 root root 1415 Jan 26 08:12 /usr/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/systemd/system/syslog.socket
-rw-r--r-- 1 root root 1415 Jan 26 08:12 /usr/lib/systemd/system/syslog.socket
┌─[✗]─[user@parrot]─[~]
└──╼ $cat /usr/lib/systemd/system/syslog.socket
#  SPDX-License-Identifier: LGPL-2.1-or-later
#
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

[Unit]
Description=Syslog Socket
Documentation=man:systemd.special(7)
Documentation=https://www.freedesktop.org/wiki/Software/systemd/syslog
DefaultDependencies=no
Before=sockets.target

# Don't allow logging until the very end
Conflicts=shutdown.target
Before=shutdown.target

# Don't try to activate syslog.service if sysinit.target has failed.
Conflicts=emergency.service
Before=emergency.service

[Socket]
ListenDatagram=/run/systemd/journal/syslog
SocketMode=0666
PassCredentials=yes
PassSecurity=yes
ReceiveBuffer=8M

# The default syslog implementation should make syslog.service a
# symlink to itself, so that this socket activates the right actual
# syslog service.
#
# Examples:
#
# /etc/systemd/system/syslog.service -> /lib/systemd/system/rsyslog.service
# /etc/systemd/system/syslog.service -> /lib/systemd/system/syslog-ng.service
#
# Best way to achieve that is by adding this to your unit file
# (i.e. to rsyslog.service or syslog-ng.service):
#
# [Install]
# Alias=syslog.service
#
# See https://www.freedesktop.org/wiki/Software/systemd/syslog for details.

Perhaps I’m completely wrong about it, but maybe syslog is replaced for rsyslog in a newer HTB Parrot ISO?
Because sudo systemctl show syslog.service -p Type gave me this output:

┌─[user@parrot]─[~]
└──╼ $sudo systemctl show syslog.service -p Type
Type=

But sudo systemctl show rsyslog.service -p Type gave me the correct output:
image

I also found some info about the differences between syslog and rsyslog on this page:
https://serverfault.com/questions/692309/what-is-the-difference-between-syslog-rsyslog-and-syslog-ng
Perhaps it’s interesting to know for beginners like me :slight_smile:

2 Likes

Glad to help since this is probably the last time I am sharing a post on this platform it is good to know I helped someone again. I am a proffesional rower and pentesting takes a lot of time to learn it and stay updated, I just got into investing since it does take less time to learn. See you again!

1 Like

@marek33366 -The answer is so straightforward. you would need to view the contents of /etc/systemd/system/syslog.service and would get the answer easily. DM me if other ppl need support

command → systemctl show syslog.service -p Type
result → Type=notify
answer → notify

just do “systemctl show syslog.service” and read line by line starting at the top. I found the answer that way.

i see this issue come up, you need to be ssh’ed into the target to get the answer. if all the screen grabs so far, it’s their own instance and thus shouldn’t give the answer(?). if you load the instance on the page that should help. if you’re doing it from the vm, you need to do through the process of downloading the vpn, run it in openvpn, then open another terminal and ssh in. through there you’ll have all the tools unless it tells you to install them.


as you can see from my picture i have 2 different instances (well technically 3, one is the openvpn which i haven’t changed).

hope this wall of text at least helps someone, the command at the top did for me

buen aporte

Notify