Write down top 10 events in Windows and identify their event ID
Event IDs:
4624/4625 - successful and failed account logon
4648 - system logon attempt with explicit credentials
4719 - system audit policy changed
1102 - audit logs cleared
4723 - attempt made to change the password of an account
4740 - user account locked
4735 - privileged local group modified
4782 - password hash of an account was accessed
4946 - rule was added to the Windows Firewall exception list
Write down top 10 events in Linux and identify their pattern and log file in Linux
/var/log/messages, /var/log/auth.log, /var/log/secure, /var/log/boot.log, /var/log/dmesg, /var/log/kern.log, /var/log/faillog,
/var/log/cron, /var/log/yum.log, /var/log/maillog or /var/log/mail.log
Identify the log file in Linux which logs service start|stop|enable|disable
start - sudo systemctl start service.service
stop - sudo systemctl stop service.service
enable - sudo systemctl enable name_service.service
disable - sudo systemctl disable name_service.service
Identify the log file in Linux which logs a process running or killed.
If the kernel killed a process (because the system ran out of memory), there will be a kernel log message. Check in /var/log/kern.log (on Debian/Ubuntu; other distributions might send kernel logs to a different file, but usually under /var/log).
Identify the log file of Apache and find the list of VERBs and the count of each using a Linux command
Location of the log files: by default on Debian-based distributions such as Ubuntu, access and error logs are located in the /var/log/apache2 directory. On CentOS the log files are placed in the /var/log/httpd directory.
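One way to list the verbs and count each with standard tools, as an added example that is not part of the original answer. It assumes the common or combined log format; the function name and the sample log lines are constructed for illustration, and on a real system you would pass the access log from /var/log/apache2 or /var/log/httpd instead.

```shell
# Count HTTP request methods (verbs) in an Apache access log.
# In the common/combined log format the request line is the first
# double-quoted field: "METHOD /path HTTP/x.y"

count_verbs() {
    # $1: path to an access log file
    LC_ALL=C awk -F'"' '
        {
            split($2, req, " ")          # req[1] is the method
            verb = req[1]
            # Request lines that are empty or not a plain uppercase token
            # (timeouts logged as "-", binary data sent to the HTTP port)
            # are grouped so they stand out instead of polluting the list.
            if (verb !~ /^[A-Z]+$/) verb = "(malformed)"
            count[verb]++
        }
        END { for (v in count) printf "%d %s\n", count[v], v }
    ' "$1" | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample log (documentation IP ranges) so the script runs offline.
sample_log=$(mktemp)
trap 'rm -f "$sample_log"' EXIT
cat > "$sample_log" <<'EOF'
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
192.0.2.11 - - [10/Oct/2023:13:55:40 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Oct/2023:13:55:41 +0000] "GET /images/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "HEAD / HTTP/1.1" 200 0 "-" "curl/8.0"
192.0.2.11 - - [10/Oct/2023:13:56:10 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:56:30 +0000] "-" 408 0 "-" "-"
198.51.100.7 - - [10/Oct/2023:13:57:00 +0000] "OPTIONS * HTTP/1.1" 200 0 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2023:13:57:15 +0000] "GET /admin HTTP/1.1" 403 199 "-" "Mozilla/5.0"
EOF

count_verbs "$sample_log"
```

Each output line is a count followed by the verb, highest count first; an unexpected verb or a large "(malformed)" count is worth a closer look in the raw log.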