Log Analysis

Indumathi — Thu, 15 Sep 2022 05:54:09 +0000

1.Write down top 10 events in Windows and identify their event ID ?
4624 Successful account log on
4625 Failed account log on
4634 An account logged off
4648 A logon attempt was made with explicit credentials
4719 System audit policy was changed.
4964 A special group has been assigned to a new log on
1102 Audit log was cleared. This can relate to a potential attack
4720 A user account was created
4722 A user account was enabled
4723 An attempt was made to change the password of an account

2.Write down top 10 events in Linux and identify their pattern and log linux ?
/var/log/messages
/var/log/auth.log
/var/log/secure
/var/log/boot.log
/var/log/dmesg
/var/log/kern.log
/var/log/faillog
/var/log/yum.log
var/log/httpd/
/var/log/mysql.log

3.Identify the log file in linux which log service
start|stop|enable|disable ?
systemctl start service
systemctl stop service
systemctl enable service
systemctl disable service

4.Identify the log file in linux which log process running or killed ?
Check in /var/log/kern.log (on Debian/Ubuntu, other distributions might send kernel logs to a different file, but usually under /var/log under Linux

5.Identify the log file of apache and find out list of VERB and count of each using linux command?
Location of the Log Files By default on Debian-based distributions such as Ubuntu, access and error logs are located in the /var/log/apache2 directory.
On CentOS the log files are placed in /var/log/httpd directory.Reading and Understanding the Apache Log Files

UNDERSTANDING DATADOG AGENT

Indumathi — Tue, 13 Sep 2022 09:48:00 +0000

1. What is datadog agent?
The Datadog Agent is software that runs on your hosts.It collects events and metrics from hosts and sends them to Datadog, where you can analyze your monitoring and performance data. The Datadog Agent is open source and its source code is available on GitHub.

2.Ports used in datadog agent?

3.Techniques for troubleshooting datadog?

Is the Datadog API key set up in your datadog.yaml configuration file the API key corresponding to your Datadog platform?
Is the site configured in your datadog.yaml configuration file matching the one from your organization?
Is there only one Datadog Agent running on your host?
Did you restart the Datadog Agent after editing a yaml configuration file?

4.Type of Datadog Agent
Collector and Dogstatsd.

5.Locate how to enable Logs monitoring in datadog.yaml?
Edit the datadog.yaml file and locate the logs & section and set enabled,false to enabled:true.

*6.Top 5 commands with simple explanation troubleshooting Datadog *
$ systemctl start datadog-agent
$ systemctl stop datadog-agent
$ systemctl restart datadog-agent
$ systemctl status datadog-agent
$ datadog-agent config

Debug School: Indumathi

Log Analysis

UNDERSTANDING DATADOG AGENT