Log Analysis

Vasim Akram Shaik — Thu, 15 Sep 2022 05:48:00 +0000

1.Write down top 10 events in Windows and identify their event ID ?
4624 Successful account log on
4625 Failed account log on
4634 An account logged off
4648 A logon attempt was made with explicit credentials
4719 System audit policy was changed.
4964 A special group has been assigned to a new log on
1102 Audit log was cleared. This can relate to a potential attack
4720 A user account was created
4722 A user account was enabled
4723 An attempt was made to change the password of an account

2.Write down top 10 events in Linux and identify their pattern and log linux

/var/log/messages
/var/log/auth.log
/var/log/secure
/var/log/boot.log
/var/log/dmesg
/var/log/kern.log
/var/log/faillog
/var/log/yum.log
var/log/httpd/
/var/log/mysql.log

3.Identify the log file in linux which log service start|stop|enable|disable
systemctl start service
systemctl stop service
systemctl enable service
systemctl disable service

4.Identify the log file in linux which log process running or killed.
Check in /var/log/kern.log (on Debian/Ubuntu, other distributions might send kernel logs to a different file, but usually under /var/log under Linux

5.Identify the log file of apache and find out list of VERB and count of each using linux command
Location of the Log Files By default on Debian-based distributions such as Ubuntu, access and error logs are located in the /var/log/apache2 directory. On CentOS the log files are placed in /var/log/httpd directory. Reading and Understanding the Apache Log Files

Understanding Datadog Agent

Vasim Akram Shaik — Tue, 13 Sep 2022 09:54:00 +0000

What is Datadog Agent ?
Datadog agent is a combination of collector, Forwarder and DogstaasD. Which collects the metrices, events etc and forwards to the datadog through https.
Type of Datadog Agent ?
StaasD
DogstaasD
Ports used in Datadog agent?
5000-->Exposes runtime metrics about the Agent.
5001-->Used by the Agent CLI and GUI to send commands and pull
information from the running Agent.
5002-->Serves the GUI server on Windows and OSX.
8125-->Used for the DogStatsD server to receive external metrics.
443/tcp--> port for most Agent data.
Top 5 commands with simple explanation troubleshooting Datadog agent?
$ datadog-agent status - To check the status whether it is active or not
$ datadog-agent config - Whether it is configured or not
$ datadog-agent diagnose - To diagnosis the server
$ datadog-agent health - To check the health of server
$ datadog-agent integration - To check whether container integrated or not
5 techniques for troubleshooting Datadog?

Verify API token (datadog.yaml)
Verify site/region (datadog.yaml)
Agent is running or not
Restart the services

Locate how to enable Logs monitoring in datadog.yaml
we need to fetch the YML file and then Locate the logs: section and set enabled: false to enabled: true.

Debug School: Vasim Akram Shaik

Log Analysis

Understanding Datadog Agent