Log analysis

Mahesh — Thu, 15 Sep 2022 05:40:25 +0000

Write down top 10 events in Windows and identify their event ID ?

4624 Successful account log on
4625 Failed account log on
4634 An account logged off
4648 A logon attempt was made with explicit credentials
4719 System audit policy was changed.
4964 A special group has been assigned to a new log on
1102 Audit log was cleared. This can relate to a potential attack
4720 A user account was created
4722 A user account was enabled
4723 An attempt was made to change the password of an account

Write down top 10 events in Linux and identify their pattern and log linux

/var/log/messages
/var/log/auth.log
/var/log/secure
/var/log/boot.log
/var/log/dmesg
/var/log/kern.log
/var/log/faillog
/var/log/yum.log
var/log/httpd/
/var/log/mysql.log
Identify the log file in linux which log service start|stop|enable|disable
systemctl start service
systemctl stop service
systemctl enable service
systemctl disable service
Identify the log file in linux which log process running or killed.
/var/log/kern. log
Identify the log file of apache and find out list of VERB and count of each using linux command
/var/log/apache/access.log

Title - Understanding Datadog Agent by Mahesh

Mahesh — Tue, 13 Sep 2022 10:21:04 +0000

1-** What is Datadog agent?**
It collects events and metrics from hosts and sends them to
Datadog, where you can analyze your monitoring and
performance data
the Agent is configured using a YAML file.
the Agent is the recommended method to forward your data to the Datadog Platform.
2- Type of Datadog Agent?
Logs.
Metrics (gauge, rate, counter, and histogram).
Service checks.
Agent metadata and other events emitted from the /intake/ endpoint.
3- Ports used to in Datadog agent?
5000/tcp
Port for the go_expvar server
5001/tcp
Port the IPC API listens to
5002/tcp
Port for the Agent browser GUI
8125/udp

8126/tcp
Port for the APM receiver

4- Top 5 commands with simple explanation troubleshooting Datadog agent?

config Print the runtime configuration of a running agent
configcheck Print all configurations loaded & resolved of a running agent
diagnose Execute some connectivity diagnosis on your system
dogstatsd-capture Start a dogstatsd UDS traffic capture
dogstatsd-replay Replay dogstatsd traffic
systemctl start datadog-agent
$ systemctl stop datadog-agent
$ systemctl restart datadog-agent
$ systemctl status datadog-agent
**

Locate how to enable Logs monitoring in datadog.yaml** /etc/datadog-agent/conf.d/ /etc/datadog-agent/datadog.yaml

Troubleshooting
5.techniques for troubleshooting Datadog?
i. host connected to the internet
ii. The Datadog API key set up in datadog.yaml configuration
file the API key corresponding to your Datadog platform
iii. The site configured in y datadog.yaml configuration
file matching the one from the organization.
iv. There is only one Datadog Agent running on your host
V. Restart the Datadog Agent after editing a yaml
configuration file

Debug School: Mahesh

Log analysis

Title - Understanding Datadog Agent by Mahesh