The latest articles on Debug School by Sourav Karmakar (@sourav07). https://www.debug.school/sourav07 https://www.debug.school/images/ZAMnWAAGjMszbIIdbwQ4ojxV_0R4fB1w-gJap6VIigI/rs:fill:90:90/g:sm/mb:500000/ar:1/aHR0cHM6Ly93d3cu/ZGVidWcuc2Nob29s/L3VwbG9hZHMvdXNl/ci9wcm9maWxlX2lt/YWdlLzc1L2FkNDlm/Zjk0LWEyY2YtNDNj/ZC1hMDU3LTJiODI3/OTBjZTZjMC5wbmc https://www.debug.school/sourav07 en Sourav Karmakar Thu, 15 Sep 2022 06:15:00 +0000 https://www.debug.school/sourav07/log-analysis-117p https://www.debug.school/sourav07/log-analysis-117p <p><strong>1. Write down top 10 events in Windows and identify their event ID</strong></p> <p>event ID - 4624 /25 - successful and failed account log on , 4648 - system logon attempt with explicit credentials, 4719 -system audit policy changed, 1102 - audit logs cleared, 4723 - attempt made to change the password of account, 4740 - user account locked, 4735- priviledge local group modified, 4782 - password has an account was accessed, 4946- rule was added to windows firewall exception list.</p> <p><strong>2. Write down top 10 events in Linux and identify their pattern and log linux</strong></p> <p>/var/log/messages<br> /var/log/auth.log<br> /var/log/secure<br> /var/log/boot.log<br> /var/log/dmesg<br> /var/log/kern.log<br> /var/log/faillog<br> /var/log/yum.log<br> var/log/httpd/<br> /var/log/mysql.log</p> <p><strong>3. Identify the log file in linux which log service</strong> </p> <p>start|stop|enable|disable<br> start - sudo systemctl start service.service, stop- sudo systemctl stop service.service, enable - sudo systemctl enable name_service.service,<br> disable - sudo systemctl disable name_service.service</p> <p><strong>4. Identify the log file in linux which log process running or killed.</strong></p> <p>/var/log/kern. log</p> <p><strong>5. Identify the log file of apache and find out list of VERB and count of each using linux command</strong></p> <p>Location of the Log Files By default on Debian-based distributions such as Ubuntu, access and error logs are located in the /var/log/apache2 directory. On CentOS the log files are placed in /var/log/httpd directory. Reading and Understanding the Apache Log Files</p> Sourav Karmakar Tue, 13 Sep 2022 10:07:14 +0000 https://www.debug.school/sourav07/understanding-datadog-agent-2di8 https://www.debug.school/sourav07/understanding-datadog-agent-2di8 <p><strong>What is Datadog Agent?</strong><br> The Datadog Agent is software that runs on our hosts. It collects events and metrics from hosts and sends them to Datadog, where we can analyze our monitoring and performance data.</p> <p><strong>Types of Datadog Agent</strong>.<br> Collector, DogstatsD</p> <p><strong>Ports used to in Datadog Agent</strong><br> 443/tcp, 123/udp</p> <p><strong>Top 5 commands</strong><br> $ systemctl start datadog-agent - start the agent<br> $ systemctl stop datadog-agent - stop the agent<br> $ systemctl status datadog-agent - status of the agent<br> $ datadog-agent config - print all the runtime configuration<br> $ more /etc/datadog-agent/datadog.yaml - details of configuartion file<br> $ ls /var/log/datadog/ - listing</p> <p><strong>Locate how to enable Logs monitoring in datadog.yaml</strong><br> edit the datadog-values.yaml file. Locate the logs: section and set enabled: false to enabled: true.</p> <p><strong>Techniques for troubleshooting Datadog</strong><br> Verify API token (datadog.yaml)<br> Verify site/region (datadog.yaml)<br> Restart the services <br> check if logs enabled under config file</p>