The latest articles on Debug School by Harish (@harishbheri). https://www.debug.school/harishbheri https://www.debug.school/images/tDf4U2ja2ptEpEQ9RPOGR2EDyjdgifFLFF2awloGeMQ/rs:fill:90:90/g:sm/mb:500000/ar:1/aHR0cHM6Ly93d3cu/ZGVidWcuc2Nob29s/L3VwbG9hZHMvdXNl/ci9wcm9maWxlX2lt/YWdlLzc3Lzg4YjMy/YjE3LTdhM2YtNGZm/MC05ZTkyLWM2ZDA0/MGVkYTc1YS5wbmc https://www.debug.school/harishbheri en Harish Thu, 15 Sep 2022 06:05:45 +0000 https://www.debug.school/harishbheri/log-analysis-4590 https://www.debug.school/harishbheri/log-analysis-4590 <p>1.Write down top 10 events in Windows and identify their event ID ?<br> 4624 Successful account log on<br> 4625 Failed account log on<br> 4634 An account logged off<br> 4648 A logon attempt was made with explicit credentials<br> 4719 System audit policy was changed.<br> 4964 A special group has been assigned to a new log on<br> 1102 Audit log was cleared. This can relate to a potential attack<br> 4720 A user account was created<br> 4722 A user account was enabled<br> 4723 An attempt was made to change the password of an account</p> <p>2.Write down top 10 events in Linux and identify their pattern and log linux ?<br> /var/log/messages<br> /var/log/auth.log<br> /var/log/secure<br> /var/log/boot.log<br> /var/log/dmesg<br> /var/log/kern.log<br> /var/log/faillog<br> /var/log/yum.log<br> var/log/httpd/<br> /var/log/mysql.log</p> <p>3.Identify the log file in linux which log service<br> start|stop|enable|disable ?<br> systemctl start service<br> systemctl stop service<br> systemctl enable service<br> systemctl disable service</p> <p>4.Identify the log file in linux which log process running or killed ?<br> Check in /var/log/kern.log (on Debian/Ubuntu, other distributions might send kernel logs to a different file, but usually under /var/log under Linux</p> <p>5.Identify the log file of apache and find out list of VERB and count of each using linux command?<br> Location of the Log Files By default on Debian-based distributions such as Ubuntu, access and error logs are located in the /var/log/apache2 directory.<br> On CentOS the log files are placed in /var/log/httpd directory.Reading and Understanding the Apache Log Files</p> Harish Tue, 13 Sep 2022 10:09:14 +0000 https://www.debug.school/harishbheri/understanding-datadog-agent-4fao https://www.debug.school/harishbheri/understanding-datadog-agent-4fao <ul> <li><p>What is Datadog agent?<br> The Datadog Agent is software that runs on your hosts. It collects events and metrics from hosts and sends them to Datadog, where you can analyze your monitoring and performance data. The Datadog Agent is open source and its source code. <br> The Datadog agent is a lightweight software installed on applications hosts that helps push every log, event, trace, and metric produced by your applications and infrastructure using the Datadog APIs.</p></li> <li><p>Type of Datadog Agent?<br> DogstatsD,StatsD</p></li> <li><p>Ports used to in Datadog agent?<br> HTTP, TCP, HTTPS</p></li> <li><p>Top 5 commands with simple explanation troubleshooting Datadog agent?<br> sudo systemctl start datadog-agent - Start agent <br> sudo systemctl stop datadog-agent - Stop agent<br> sudo systemctl restart datadog-agent - Restart agent<br> sudo systemctl status datadog-agent - Check status</p></li> <li><p>Locate how to enable Logs monitoring in datadog.yaml<br> edit the datadog.yaml file. Locate the logs: section and set enabled: false to enabled: true.</p></li> <li><p>5 techniques for troubleshooting Datadog?<br> Verify API token (datadog.yaml)<br> Verify site/region (datadog.yaml)<br> Datadog Agent is running or not under services<br> check if logs enabled under config file</p></li> </ul>