(CommandLine:\/var\/log\/syslog* ((Image:\/rm (CommandLine:\ \-r\ * OR CommandLine:\ \-f\ * OR CommandLine:\ \-rf\ * OR CommandLine:\/var\/log\/syslog*)) OR Image:\/unlink OR Image:\/mv OR (Image:\/truncate (CommandLine:0\ * CommandLine:\/var\/log\/syslog*) (CommandLine:\-s\ * OR CommandLine:\-c\ * OR CommandLine:\-\-size*)) OR (Image:\/ln (CommandLine:\/dev\/null\ * CommandLine:\/var\/log\/syslog*) (CommandLine:\-sf\ * OR CommandLine:\-sfn\ * OR CommandLine:\-sfT\ *)) OR (Image:\/cp CommandLine:\/dev\/null*) OR (Image:\/shred CommandLine:\-u\ *))) OR ((CommandLine:\ >\ \/var\/log\/syslog* OR CommandLine:\ >\/var\/log\/syslog* OR CommandLine:\ >|\ \/var\/log\/syslog* OR CommandLine:\:\ >\ \/var\/log\/syslog* OR CommandLine:\:>\ \/var\/log\/syslog* OR CommandLine:\:>\/var\/log\/syslog* OR CommandLine:>|\/var\/log\/syslog*) OR (CommandLine:journalctl\ \-\-vacuum* OR CommandLine:journalctl\ \-\-rotate*))