Write down top 10 events in Windows and identify their event ID
Event IDs:
4624/4625 - successful and failed account logon
4648 - system logon attempt with explicit credentials
4719 - system audit policy changed
1102 - audit logs cleared
4723 - attempt made to change the password of an account
4740 - user account locked
4735 - privileged local group modified
4782 - password hash of an account was accessed
4946 - rule was added to the Windows Firewall exception list

Write down top 10 events in Linux and identify their pattern and log
/var/log/messages
/var/log/auth.log
/var/log/secure
/var/log/boot.log
/var/log/dmesg
/var/log/kern.log
/var/log/faillog
/var/log/cron
/var/log/yum.log
/var/log/maillog or /var/log/mail.log

Identify the log file in Linux which logs service start|stop|enable|disable
start - sudo systemctl start service.service
stop - sudo systemctl stop service.service
enable - sudo systemctl enable name_service.service
disable - sudo systemctl disable name_service.service

Identify the log file in Linux which logs a process running or killed.
If the kernel killed a process (because the system ran out of memory), there will be a kernel log message. Check in /var/log/kern.log (on Debian/Ubuntu; other distributions might send kernel logs to a different file, but usually under /var/log on Linux).

Identify the log file of Apache and find out the list of VERBs and the count of each using a Linux command
Location of the Log Files

By default on Debian-based distributions such as Ubuntu, access and error logs are located in the /var/log/apache2 directory. On CentOS the log files are placed in the /var/log/httpd directory.

Reading and Understanding the Apache Log Files
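
An added example (not from the original post) for the verb-count question: it lists each HTTP verb found in an Apache access log with its count. It assumes the default Common/Combined Log Format and the default file names access.log (Debian/Ubuntu) or access_log (CentOS); the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Count HTTP verbs (request methods) in an Apache access log.
# Assumption: Common/Combined Log Format, where the request line is the
# first double-quoted field, e.g. "GET /index.html HTTP/1.1".

count_verbs() {
    # $1 = path to the access log, e.g. /var/log/apache2/access.log
    #      (Debian/Ubuntu) or /var/log/httpd/access_log (CentOS)
    awk -F'"' '
        {
            # $2 is the request line; its first word is the verb.
            n = split($2, req, " ")
            # Timeouts ("-") and binary junk are not verbs: bucket them
            # separately so they are visible instead of silently skewing counts.
            verb = (n >= 1 && req[1] ~ /^[A-Z]+$/) ? req[1] : "MALFORMED"
            count[verb]++
        }
        END { for (v in count) printf "%d %s\n", count[v], v }
    ' "$1" | sort -k1,1nr -k2,2    # highest count first, then by verb name
}

# Constructed sample log lines (documentation IP range), not real traffic.
write_sample_log() {
    cat > "$1" <<'EOF'
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "curl/8.0"
192.0.2.10 - - [10/Oct/2023:13:55:37 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "curl/8.0"
192.0.2.11 - - [10/Oct/2023:13:56:01 +0000] "POST /login HTTP/1.1" 302 - "-" "Mozilla/5.0"
192.0.2.12 - - [10/Oct/2023:13:56:09 +0000] "HEAD / HTTP/1.1" 200 - "-" "Mozilla/5.0"
192.0.2.13 - - [10/Oct/2023:13:56:15 +0000] "-" 408 - "-" "-"
192.0.2.10 - - [10/Oct/2023:13:56:20 +0000] "GET /about HTTP/1.1" 200 512 "-" "curl/8.0"
EOF
}

# Demo run on the constructed sample; on a real host call count_verbs
# with the path to the access log instead.
sample=$(mktemp)
write_sample_log "$sample"
count_verbs "$sample"
rm -f "$sample"
```

A sudden rise in the MALFORMED bucket or in verbs the site never serves (for example PUT or DELETE on a static site) is worth a closer look at the matching log lines.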