- Write down the top 10 events in Windows and identify their event IDs.
4624 Successful account logon
4625 Failed account logon
4634 An account logged off
4648 A logon attempt was made with explicit credentials
4719 System audit policy was changed
4964 A special group has been assigned to a new logon
1102 Audit log was cleared. This can relate to a potential attack.
4720 A user account was created
4722 A user account was enabled
4723 An attempt was made to change the password of an account
Write down the top 10 events in Linux and identify their pattern and log.
Identify the log file in Linux which logs service start|stop|enable|disable.
systemctl start service
systemctl stop service
systemctl enable service
systemctl disable service
Identify the log file in Linux which logs processes running or killed.
Identify the Apache log file and find the list of VERBs and the count of each using a Linux command.
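
One way to do the verb count asked for above, as an added example that is not part of the original notes. It assumes the access log is in Apache's common/combined format; the function names `count_verbs` and `sample_log` are hypothetical and the sample log lines are constructed.

```shell
# Count HTTP request methods (verbs) in an Apache access log.
# Added example: function names are hypothetical, sample data is constructed.

# count_verbs [FILE...]  -> prints "COUNT VERB", highest count first.
# Reads stdin when no file is given.
# The request line is the first double-quoted field: "METHOD /path HTTP/x.y".
# If its first token is not an uppercase method name (empty requests logged
# as "-", binary or TLS bytes sent to a plain-HTTP port, lines with no
# request field at all) the line is counted as INVALID, so junk does not
# show up as a long tail of fake verbs and still stays visible as a total.
count_verbs() {
  LC_ALL=C awk -F'"' '
    {
      split($2, req, " ")          # req[1] = method, req[2] = path, ...
      verb = req[1]
      if (verb !~ /^[A-Z]+$/) verb = "INVALID"
      count[verb]++
    }
    END { for (v in count) print count[v], v }
  ' "$@" | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample log lines (documentation IP ranges only).
sample_log() {
  cat <<'EOF'
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "curl/8.0"
192.0.2.10 - - [10/Oct/2023:13:55:40 +0000] "GET /login HTTP/1.1" 200 1204 "-" "curl/8.0"
192.0.2.10 - - [10/Oct/2023:13:55:44 +0000] "POST /login HTTP/1.1" 302 - "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:05 +0000] "HEAD / HTTP/1.1" 200 - "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:57:12 +0000] "-" 408 - "-" "-"
203.0.113.5 - - [10/Oct/2023:13:57:30 +0000] "\x16\x03\x01" 400 226 "-" "-"
192.0.2.44 - - [10/Oct/2023:13:58:02 +0000] "POST /api/items HTTP/1.1" 201 58 "-" "python-requests/2.31"
EOF
}

# Demo on the constructed sample; on a real host pass the access log path.
sample_log | count_verbs
```

On a real system, pass the access log as the argument; the usual default locations are `/var/log/apache2/access.log` on Debian/Ubuntu and `/var/log/httpd/access_log` on RHEL-family systems, but the path depends on the server's `CustomLog` setting.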