1. Write down the top 10 events in Windows and identify their event IDs
4723 - An attempt was made to change an account's password
4625 - An account failed to log on (the Logon Type and Status fields tell you how and why)
4624 - An account was successfully logged on
4719 - System audit policy was changed
4722 - A user account was enabled
4634 - An account was logged off
4648 - A logon was attempted using explicit credentials (runas, alternate credentials)
4964 - Special groups have been assigned to a new logon
1102 - The audit (Security) log was cleared
4720 - A user account was created
2. Write down the top 10 log files in Linux, identify their line pattern and what each logs
Most of these are plain-text syslog files with the pattern "Mon DD HH:MM:SS hostname process[pid]: message"; file names differ between RHEL/CentOS and Debian/Ubuntu.
/var/log/messages - general system messages (RHEL/CentOS; Debian/Ubuntu use /var/log/syslog)
/var/log/auth.log - authentication, sudo and sshd events (Debian/Ubuntu)
/var/log/cron - cron job runs (RHEL/CentOS)
/var/log/yum.log - package installs and removals by yum (RHEL/CentOS; dnf writes /var/log/dnf.log)
/var/log/maillog - mail server activity (RHEL/CentOS; /var/log/mail.log on Debian/Ubuntu)
/var/log/secure - authentication, sudo and sshd events (RHEL/CentOS)
/var/log/boot.log - service startup messages from the last boot
/var/log/dmesg - kernel ring buffer captured at boot (live view: dmesg)
/var/log/kern.log - kernel messages (Debian/Ubuntu)
/var/log/faillog - per-user failed login counters; binary, read with faillog -a
3. Identify the log file in Linux which logs service start|stop|enable|disable
On systemd systems the events generated by systemctl start SERVICE_NAME, systemctl stop SERVICE_NAME, systemctl enable SERVICE_NAME and systemctl disable SERVICE_NAME are recorded by the journal: journalctl -u SERVICE_NAME shows the "Started"/"Stopped" entries, and rsyslog forwards the same lines to /var/log/syslog (Debian/Ubuntu) or /var/log/messages (RHEL/CentOS). enable and disable only add or remove the unit symlinks under /etc/systemd/system and do not produce a start/stop entry; check that state with systemctl is-enabled SERVICE_NAME.
4. Identify the log file in Linux which logs a process running or being killed.
Check /var/log/kern.log (RHEL/CentOS: /var/log/messages). The kernel only logs the kills it performs itself, such as OOM-killer victims and crashing (segfaulting) processes; a kill issued from user space is not recorded there. To log every process start or kill, enable auditd with execve/kill syscall rules and read /var/log/audit/audit.log (or use ausearch).
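The following is an added example (not part of the original post) that covers questions 3 and 4 together: it extracts systemd Started/Stopped events and OOM-killer victims from syslog-style lines, and user-space kills from auditd records. The file names and all sample log lines are constructed; on a real host point the functions at /var/log/syslog (or /var/log/messages), /var/log/kern.log and /var/log/audit/audit.log.

```shell
#!/bin/sh
# Added example, not part of the original post. Parses constructed log lines
# shaped like /var/log/syslog (journald forwarded to rsyslog), /var/log/kern.log
# and /var/log/audit/audit.log. File names and sample contents are constructed.

SYSLOG="$(mktemp)"
AUDIT="$(mktemp)"

# Constructed syslog/kern.log lines: systemd unit state changes and an OOM kill.
cat > "$SYSLOG" <<'EOF'
Oct 10 13:55:36 host systemd[1]: Started OpenBSD Secure Shell server.
Oct 10 13:55:40 host systemd[1]: Stopping OpenBSD Secure Shell server...
Oct 10 13:55:40 host systemd[1]: Stopped OpenBSD Secure Shell server.
Oct 10 13:56:01 host systemd[1]: Reloading.
Oct 10 13:57:12 host kernel: [ 1234.567890] Out of memory: Killed process 4321 (java) total-vm:8000000kB, anon-rss:6000000kB
EOF

# Constructed auditd record for kill(2) (syscall 62 on x86_64), as produced by
# a rule such as: -a always,exit -F arch=b64 -S kill -k proc_kill
cat > "$AUDIT" <<'EOF'
type=SYSCALL msg=audit(1696946232.123:456): arch=c000003e syscall=62 success=yes exit=0 a0=10e1 a1=9 a2=0 a3=0 items=0 ppid=1000 pid=5678 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=3 comm="kill" exe="/usr/bin/kill" key="proc_kill"
EOF

# service_events FILE: print "date time action unit-description" for every
# systemd Started/Stopped line (the same lines journalctl -u shows).
service_events() {
  awk '/systemd\[1\]: (Started|Stopped) / {
         sub(/\.$/, "", $0)                 # drop the trailing period
         desc = $7
         for (i = 8; i <= NF; i++) desc = desc " " $i
         print $1, $2, $3, $6, desc
       }' "$1"
}

# oom_kills FILE: print "pid name" for processes the kernel OOM killer ended.
# This is the kind of kill the kernel log records by itself.
oom_kills() {
  sed -n 's/.*Out of memory: Killed process \([0-9][0-9]*\) (\([^)]*\)).*/\1 \2/p' "$1"
}

# audit_kills FILE: print "target-pid caller-comm" from auditd kill(2) records.
# a0 is the target PID in hex; a1 is the signal number (9 = SIGKILL).
audit_kills() {
  awk '/type=SYSCALL/ && / syscall=62 / {
         hexpid = ""; comm = ""
         for (i = 1; i <= NF; i++) {
           if ($i ~ /^a0=/)   hexpid = substr($i, 4)
           if ($i ~ /^comm=/) { comm = substr($i, 6); gsub(/"/, "", comm) }
         }
         print hexpid, comm
       }' "$1" |
  while read -r hexpid comm; do
    printf '%d %s\n' "$((0x$hexpid))" "$comm"
  done
}

echo "== service events (syslog/journal) =="; service_events "$SYSLOG"
echo "== kernel OOM kills (kern.log) =="; oom_kills "$SYSLOG"
echo "== user-space kills (audit.log) =="; audit_kills "$AUDIT"
```

Note that the "Stopping ..." line is deliberately ignored: it only announces intent, while "Stopped" is the completed state change. The audit record is what makes a plain `kill -9` visible at all; without the auditd rule the kernel log shows nothing for it.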
5. Identify the log file of Apache and find out the list of HTTP verbs and the count of each using a Linux command
/var/log/apache/access.log
/var/log/apache2/access.log (Debian/Ubuntu)
/var/log/httpd/access_log (RHEL/CentOS; /etc/httpd/logs is a symlink to this directory)
/var/log/apache2/access_log (macOS, bundled Apache)
/var/log/apache2/error.log (errors only; requests and their verbs are in the access log)
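The command the question asks for, as an added example that is not part of the original post. It counts the HTTP method of every request line in a combined-format access log; the sample lines are constructed and include a malformed request line (TLS bytes sent to the plain HTTP port), which a naive `awk '{print $6}'` would count as a verb.

```shell
#!/bin/sh
# Added example, not part of the original post: count HTTP methods (verbs)
# in an Apache combined-format access log. The sample lines are constructed;
# replace SAMPLE_LOG with /var/log/apache2/access.log (or the distro's path).

SAMPLE_LOG="$(mktemp)"
cat > "$SAMPLE_LOG" <<'EOF'
10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "curl/8.0"
10.0.0.5 - - [10/Oct/2023:13:55:37 +0000] "POST /login HTTP/1.1" 302 0 "http://example.test/" "Mozilla/5.0"
10.0.0.7 - - [10/Oct/2023:13:55:38 +0000] "GET /admin HTTP/1.1" 403 199 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Oct/2023:13:55:39 +0000] "OPTIONS * HTTP/1.0" 200 0 "-" "-"
10.0.0.9 - - [10/Oct/2023:13:55:40 +0000] "\x16\x03\x01\x02" 400 226 "-" "-"
10.0.0.7 - - [10/Oct/2023:13:55:41 +0000] "GET /../../etc/passwd HTTP/1.1" 400 226 "-" "Nikto/2.1.6"
EOF

# count_verbs FILE: print "count VERB", most frequent first.
# The request line is the first double-quoted field, so split on '"' rather
# than on spaces: the usual awk '{print $6}' breaks when the request line is
# not a well-formed "METHOD URI PROTO" (TLS bytes on port 80, fuzzers).
count_verbs() {
  awk -F'"' '{
         split($2, req, " ")                   # $2 = METHOD URI PROTO
         m = req[1]
         if (m !~ /^[A-Z]+$/) m = "MALFORMED"  # not an HTTP token: count separately
         print m
       }' "$1" | sort | uniq -c | sort -rn
}

# verb_count FILE VERB: echo the count for one verb (0 if absent).
verb_count() {
  n="$(count_verbs "$1" | awk -v v="$2" '$2 == v { print $1 }')"
  echo "${n:-0}"
}

count_verbs "$SAMPLE_LOG"
```

A non-zero MALFORMED count is itself worth a look: it is usually scanners, protocol confusion, or clients sending TLS to the plain port. If the LogFormat has been customised, the request line may not be the first quoted field and the split must be adjusted.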