Debug School

Deepak dhodi

Log analysis

  1. Write down the top 10 events in Windows and identify their event IDs
    4624/4625 - successful and failed account logon, 4648 - logon attempt with explicit credentials, 4719 - system audit policy changed, 1102 - audit log cleared, 4723 - attempt made to change the password of an account, 4740 - user account locked out, 4735 - privileged local group modified, 4782 - password hash of an account was accessed, 4946 - rule was added to the Windows Firewall exception list.

  2. Write down the top 10 events in Linux and identify their pattern and log file in Linux
    /var/log/messages, /var/log/auth.log, /var/log/secure, /var/log/boot.log, /var/log/dmesg, /var/log/kern.log, /var/log/faillog,
    /var/log/cron, /var/log/yum.log, /var/log/maillog or /var/log/mail.log

  3. Identify the log file in Linux which logs service start|stop|enable|disable
    start - sudo systemctl start service.service, stop - sudo systemctl stop service.service, enable - sudo systemctl enable name_service.service,
    disable - sudo systemctl disable name_service.service

  4. Identify the log file in Linux which logs a process running or killed.
    If the kernel killed a process (because the system ran out of memory), there will be a kernel log message. Check /var/log/kern.log on Debian/Ubuntu; other distributions might send kernel logs to a different file, but usually one under /var/log.
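An added example for questions 2 and 4 (not part of the original post): two of the patterns worth pulling out of Linux logs, sshd failed-password attempts per source IP from auth.log and the PIDs the kernel OOM killer terminated from kern.log. The log lines, host name, IPs and PIDs are constructed sample data, and the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post. All log lines below are constructed
# sample data. On a real host read /var/log/auth.log (Debian/Ubuntu) or
# /var/log/secure (RHEL/CentOS) for sshd, and /var/log/kern.log or dmesg for
# OOM-killer messages.

SAMPLE_AUTH_LOG='Oct 10 13:55:36 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Oct 10 13:55:39 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Oct 10 13:55:41 host sshd[1203]: Failed password for root from 203.0.113.5 port 51240 ssh2
Oct 10 13:56:02 host sshd[1210]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2
Oct 10 13:56:30 host sshd[1215]: Failed password for deploy from 198.51.100.7 port 40030 ssh2'

SAMPLE_KERN_LOG='Oct 10 14:01:10 host kernel: [12345.678901] Out of memory: Killed process 2217 (java) total-vm:4096000kB, anon-rss:2048000kB, file-rss:0kB, shmem-rss:0kB
Oct 10 14:01:11 host kernel: [12345.690000] oom_reaper: reaped process 2217 (java), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB
Oct 10 14:05:00 host kernel: [12575.000000] usb 1-1: new high-speed USB device number 3 using xhci_hcd'

# failed_logins_by_ip: read auth.log lines on stdin, print "<count> <ip>" for
# every source IP with failed sshd password attempts, busiest first.
# The IP always follows the word "from" in sshd's message.
failed_logins_by_ip() {
  grep 'sshd\[[0-9]*\]: Failed password' |
    awk '{ for (i = 1; i <= NF; i++) if ($i == "from") ips[$(i+1)]++ }
         END { for (ip in ips) printf "%d %s\n", ips[ip], ip }' |
    sort -rn
}

# failed_count_for: number of failed password attempts from one IP in the sample.
failed_count_for() {
  printf '%s\n' "$SAMPLE_AUTH_LOG" | failed_logins_by_ip |
    awk -v ip="$1" '$2 == ip { print $1 }'
}

# oom_killed_pids: read kernel log lines on stdin, print the PID of each process
# the OOM killer terminated. Newer kernels log "Killed process <pid> (<name>)",
# older ones "Kill process <pid> (<name>) score ..."; the optional "ed" covers both.
oom_killed_pids() {
  sed -n 's/.*Out of memory: Kill\(ed\)\{0,1\} process \([0-9][0-9]*\) .*/\2/p'
}

echo "failed sshd password attempts by source IP:"
printf '%s\n' "$SAMPLE_AUTH_LOG" | failed_logins_by_ip
echo "PIDs killed by the OOM killer:"
printf '%s\n' "$SAMPLE_KERN_LOG" | oom_killed_pids
```

On a systemd host the same lines are also available through `journalctl -u ssh` and `journalctl -k`, so the functions can be fed from there instead of the files.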

  5. Identify the log file of Apache and find out the list of VERBs and the count of each using a Linux command
    Location of the log files: by default on Debian-based distributions such as Ubuntu, the access and error logs are located in the /var/log/apache2 directory. On CentOS the log files are placed in the /var/log/httpd directory.
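An added example for question 5 (not part of the original post): counting the HTTP verbs in an Apache access log. The verb is the first word of the quoted request field in the default combined log format, so the function cuts each line on the double quote and tallies the first token. The access log lines, IPs and paths are constructed sample data; on a real host pipe in /var/log/apache2/access.log or /var/log/httpd/access_log instead.

```shell
#!/bin/sh
# Added example, not from the original post. The log lines below are constructed
# sample data in Apache's default "combined" format.

SAMPLE_ACCESS_LOG='203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "curl/7.88.1"
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /admin HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:03 +0000] "HEAD / HTTP/1.1" 200 0 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2023:13:57:12 +0000] "GET /robots.txt HTTP/1.1" 404 209 "-" "bot/1.0"
192.0.2.9 - - [10/Oct/2023:13:57:13 +0000] "PUT /upload HTTP/1.1" 405 0 "-" "bot/1.0"'

# count_verbs: read access log lines on stdin, print "<count> <VERB>" per verb,
# most frequent first. Splitting on the double quote makes the request line
# field $2, whose first whitespace-separated word is the verb. Lines without a
# quoted request (malformed or truncated) are skipped.
count_verbs() {
  awk -F'"' '{ split($2, req, " "); if (req[1] != "") verbs[req[1]]++ }
             END { for (v in verbs) printf "%d %s\n", verbs[v], v }' |
    sort -rn
}

# verb_count: count for a single verb in the sample log (empty if absent).
verb_count() {
  printf '%s\n' "$SAMPLE_ACCESS_LOG" | count_verbs |
    awk -v v="$1" '$2 == v { print $1 }'
}

echo "request verbs in the sample access log:"
printf '%s\n' "$SAMPLE_ACCESS_LOG" | count_verbs
```

The same one-liner works against the live file, for example `awk -F'"' '{split($2,r," "); print r[1]}' /var/log/apache2/access.log | sort | uniq -c | sort -rn`; verbs that should never appear on a given site (PUT, DELETE, TRACE) standing out in this count is a cheap first check.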
