https://vo.rs/tags/forensics/Forensics - Tag - vo.rsHugo -- gohugo.ioenThis work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.Tue, 02 Jun 2026 10:00:00 +0000https://vo.rs/story/reading-the-tea-leaves-intruder-hunting-with-journalctl-and-lnav/<p>When you suspect something is wrong with a server — a sluggish response, an odd process, a vague unease — the temptation is to start poking at running state. But the running state is the present, and an intruder&rsquo;s interesting work is usually in the past. The record of that past is sitting right there in your logs, already written, already timestamped. Logs are your first and cheapest forensic tool, and two utilities turn them from an overwhelming wall of text into a readable story: <code>journalctl</code> and <code>lnav</code>.</p>Tue, 02 Jun 2026 10:00:00 +0000