The latest articles on Debug School by Deepak dhodi (@deepakdhodi_77). https://www.debug.school/deepakdhodi_77 https://www.debug.school/images/jdt77fX6AEazJ2dGzlp-mhUZX-VcjrBW8AoBBeVqYAs/rs:fill:90:90/g:sm/mb:500000/ar:1/aHR0cHM6Ly93d3cu/ZGVidWcuc2Nob29s/L3VwbG9hZHMvdXNl/ci9wcm9maWxlX2lt/YWdlLzg3LzI3NmI5/YmEwLTE0MTItNDk1/NS05YjhhLTcxODQ2/ZTNkOWUxOS5wbmc https://www.debug.school/deepakdhodi_77 en Deepak dhodi Thu, 15 Sep 2022 05:37:40 +0000 https://www.debug.school/deepakdhodi_77/log-analysis-4h7m https://www.debug.school/deepakdhodi_77/log-analysis-4h7m <ol> <li><p>Write down top 10 events in Windows and identify their event ID<br> event ID - 4624 /25 - successful and failed account log on , 4648 - system logon attempt with explicit credentials, 4719 -system audit policy changed, 1102 - audit logs cleared, 4723 - attempt made to change the password of account, 4740 - user account locked, 4735- priviledge local group modified, 4782 - password has an account was accessed, 4946- rule was added to windows firewall exception list.</p></li> <li><p>Write down top 10 events in Linux and identify their pattern and log linux<br> /var/log/messages,/var/log/auth.log, /var/log/secure,/var/log/boot.log, /var/log/dmesg, /var/log/kern.log,/var/log/faillog<br> /var/log/cron, /var/log/yum.log,/var/log/maillog or /var/log/mail.log</p></li> <li><p>Identify the log file in linux which log service start|stop|enable|disable<br> start - sudo systemctl start service.service, stop- sudo systemctl stop service.service, enable - sudo systemctl enable name_service.service,<br> disable - sudo systemctl disable name_service.service</p></li> <li><p>Identify the log file in linux which log process running or killed.<br> If the kernel killed a process (because the system ran out of memory), there will be a kernel log message. Check in /var/log/kern.log (on Debian/Ubuntu, other distributions might send kernel logs to a different file, but usually under /var/log under Linux</p></li> <li><p>Identify the log file of apache and find out list of VERB and count of each using linux command<br> Location of the Log Files By default on Debian-based distributions such as Ubuntu, access and error logs are located in the /var/log/apache2 directory. On CentOS the log files are placed in /var/log/httpd directory. Reading and Understanding the Apache Log Files</p></li> </ol> Deepak dhodi Tue, 13 Sep 2022 09:52:00 +0000 https://www.debug.school/deepakdhodi_77/understanding-datadog-agent-56ii https://www.debug.school/deepakdhodi_77/understanding-datadog-agent-56ii <p>**- **What is Datadog agent?<br> Its a software that runs on host that collects events and metrics from hosts and sends these events and metrices to Datadog, where one analyze monitoring and performance data.</p> <ul> <li>Type of Datadog Agent? Collector and Dogstatsd</li> <li>Ports used to in Datadog agent? UDP , HTTP - 80, TCP, HTTPS - 443</li> <li><p>Top 5 commands with simple explanation troubleshooting Datadog agent?<br> $ systemctl start datadog-agent - start the agent<br> $ systemctl stop datadog-agent - stop the agent <br> $ systemctl status datadog-agent - status of the agent<br> $ datadog-agent config - print all the runtime configuration<br> $ more /etc/datadog-agent/datadog.yaml - details of configuartion file<br> $ ls /var/log/datadog/ - listing</p></li> <li><p>Locate how to enable Logs monitoring in datadog.yaml<br> edit the datadog.yaml file. Locate the logs: section and set enabled: false to enabled: true.</p></li> <li><p>5 techniques for troubleshooting Datadog?<br> Verify API token (datadog.yaml)<br> Verify site/region (datadog.yaml)<br> Datadog Agent is running or not under services<br> check if logs enabled under config file**</p></li> </ul> <p>**</p>