Debug School


Log Analysis

1. Write down the top 10 events in Windows and identify their event IDs.

4624 - An account was successfully logged on
4625 - An account failed to log on
4634 - An account was logged off
4648 - A logon was attempted using explicit credentials
4719 - System audit policy was changed
4964 - Special groups have been assigned to a new logon
1102 - The audit log was cleared (can indicate an attacker covering tracks)
4720 - A user account was created
4722 - A user account was enabled
4723 - An attempt was made to change an account's password

2. Write down the top 10 events in Linux and identify their log pattern and the log file they appear in.

3. Identify the log file in Linux that records service start/stop/enable/disable.

The service actions in question are performed with systemctl:

systemctl start service
systemctl stop service
systemctl enable service
systemctl disable service

4. Identify the log file in Linux that records processes being started or killed.

Check /var/log/kern.log (on Debian/Ubuntu; other distributions may send kernel logs to a different file, but it is usually under /var/log).

5. Identify the Apache log file and find the list of HTTP verbs and the count of each using Linux commands.

Location of the log files: by default on Debian-based distributions such as Ubuntu, the access and error logs are located in the /var/log/apache2 directory. On CentOS the log files are placed in the /var/log/httpd directory.
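The counting part of the answer, as an added example that is not from the original post: the request line in an Apache access log is the first double-quoted field, and its first word is the HTTP method (verb). The sample log lines are constructed for the demo; on a real server point count_verbs at /var/log/apache2/access.log or /var/log/httpd/access_log.

```shell
#!/bin/sh
# Count HTTP methods (verbs) in an Apache access log (Combined Log Format).

# sample_log prints a few CONSTRUCTED access-log lines so the script runs offline.
sample_log() {
cat <<'EOF'
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /style.css HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "POST /login HTTP/1.1" 302 0 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "POST /login HTTP/1.1" 401 0 "-" "curl/8.0"
192.0.2.9 - - [10/Oct/2023:13:57:10 +0000] "HEAD / HTTP/1.1" 200 0 "-" "probe"
192.0.2.9 - - [10/Oct/2023:13:57:11 +0000] "OPTIONS * HTTP/1.0" 200 0 "-" "probe"
garbage line with no request field
EOF
}

# count_verbs FILE -> prints "COUNT VERB" per method, most frequent first.
# Splitting on the double quote puts the request line in field 2; its first
# word is the method. Lines without a request field are skipped.
count_verbs() {
    awk -F'"' '{ split($2, req, " "); if (req[1] != "") print req[1] }' "$1" \
        | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# verb_count FILE VERB -> number of requests that used VERB (0 if none).
verb_count() {
    count_verbs "$1" | awk -v v="$2" '$2 == v { print $1; found = 1 }
                                       END { if (!found) print 0 }'
}

# Demo on the constructed sample.
TMP=$(mktemp)
sample_log > "$TMP"
count_verbs "$TMP"
rm -f "$TMP"
```

Unusual verbs showing up in this count (TRACE, PROPFIND, or long garbage methods) are a quick signal of scanners or misconfigured clients, which is why a defender tallies them rather than just reading the file.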
