From 6d9c4fed236485ec0e42a732059f3f8bb49b1259 Mon Sep 17 00:00:00 2001
From: Thiago Canozzo Lahr
Date: Wed, 16 Aug 2023 18:07:13 -0300
Subject: [PATCH] artif: new artifact
---
 CHANGELOG.md | 1 +
 artifacts/files/applications/rustdesk.yaml | 23 ++++++++++++++++++++++
 2 files changed, 24 insertions(+)
 create mode 100644 artifacts/files/applications/rustdesk.yaml
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e57880b..977c50d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@ ### Artifacts
+- files/applications/rustdesk.yaml: Added the collection of RustDesk access logs and screen recording files [linux, macos].
 - files/applications/steam.yaml: Added the collection of Steam browser artifacts, avatar pictures, configuration and log files [linux, macos].
 - files/system/netscaler.yaml: Added the collection of '/var/vpn', '/var/netscaler/logon', and '/netscaler/ns_gui' system files and directories [netscaler].
 - files/system/nsconfig.yaml: Deprecated. All artifacts were moved to 'files/system/netscaler.yaml' [netscaler].
diff --git a/artifacts/files/applications/rustdesk.yaml b/artifacts/files/applications/rustdesk.yaml
new file mode 100644
index 0000000..e1dd910
--- /dev/null
+++ b/artifacts/files/applications/rustdesk.yaml
@@ -0,0 +1,23 @@
+version: 1.0
+artifacts:
+ -
+ description: Collect access logs.
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/.local/share/logs/RustDesk
+ exclude_nologin_users: true
+ -
+ description: Collect session recording files.
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/Videos/RustDesk
+ exclude_nologin_users: true
+ -
+ description: Collect access logs.
+ supported_os: [macos]
+ collector: file
+ path: /%user_home%/Library/Logs/RustDesk
+ exclude_nologin_users: true
+
+# References:
+# https://github.com/rustdesk/rustdesk/wiki/FAQ#access-logs
\ No newline at end of file
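Review bot: The CHANGELOG entry announces screen recording collection for `[linux, macos]`, but in rustdesk.yaml only the Linux entry (`/%user_home%/Videos/RustDesk`) collects recordings; the macOS entry covers `Library/Logs/RustDesk` alone. Either add a fourth entry with `supported_os: [macos]` and the macOS recording directory (the path needs confirming against RustDesk's defaults), or narrow the changelog wording to match what is collected. Separately, the recordings entry has no size bound, and screen captures can be large and carry sensitive on-screen content. Consider a `max_file_size` limit on that entry, or a comment above it stating that unbounded collection is intended.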