- Write down the top 10 events in Windows and identify their event IDs.
4624 Successful account log on
4625 Failed account log on
4634 An account logged off
4648 A logon attempt was made with explicit credentials
4719 System audit policy was changed.
4964 A special group has been assigned to a new log on
1102 Audit log was cleared. This can relate to a potential attack
4720 A user account was created
4722 A user account was enabled
4723 An attempt was made to change the password of an account
- Write down the top 10 events in Linux and identify their pattern and log file.
/var/log/messages
/var/log/auth.log
/var/log/secure
/var/log/boot.log
/var/log/dmesg
/var/log/kern.log
/var/log/faillog
/var/log/yum.log
/var/log/httpd/
/var/log/mysql.log
- Identify the log file in Linux which logs service start|stop|enable|disable.
systemctl start service
systemctl stop service
systemctl enable service
systemctl disable service
- Identify the log file in Linux which logs a process running or killed.
/var/log/kern.log
- Identify the log file of Apache and find out the list of VERBs and the count of each using a Linux command.
/var/log/apache/access.log
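
One way to get the verb list and counts from that file, as an added example that is not part of the original notes. It assumes the common/combined log format, where the request line is the first double-quoted field; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count HTTP verbs in an Apache access log.

# write_sample_log FILE: write constructed sample lines (not real traffic).
write_sample_log() {
    cat > "$1" <<'EOF'
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326
192.0.2.10 - - [10/Oct/2023:13:55:40 +0000] "POST /login HTTP/1.1" 302 0
192.0.2.11 - - [10/Oct/2023:13:56:01 +0000] "GET /about HTTP/1.1" 200 512
198.51.100.7 - - [10/Oct/2023:13:56:09 +0000] "HEAD / HTTP/1.1" 200 0
198.51.100.7 - - [10/Oct/2023:13:56:12 +0000] "-" 408 0
198.51.100.7 - - [10/Oct/2023:13:56:15 +0000] "\x16\x03\x01" 400 226
192.0.2.11 - - [10/Oct/2023:13:56:20 +0000] "GET /admin HTTP/1.1" 403 199
EOF
}

# count_verbs FILE: print "COUNT VERB" lines, most frequent verb first.
count_verbs() {
    LC_ALL=C awk -F'"' '
        {
            # Field 2 is the quoted request line: METHOD PATH PROTOCOL
            split($2, req, " ")
            verb = req[1]
            # Anything that is not an upper-case method token (the "-" of a
            # timed-out request, raw TLS bytes sent to a plain HTTP port)
            # is grouped so it is counted instead of polluting the list.
            if (verb !~ /^[A-Z]+$/) verb = "INVALID"
            count[verb]++
        }
        END { for (v in count) print count[v], v }
    ' "$1" | LC_ALL=C sort -k1,1nr -k2,2
}

# Demo on the constructed sample.
log=$(mktemp)
write_sample_log "$log"
count_verbs "$log"
rm -f "$log"
```

Run it against the real file with `count_verbs /var/log/apache/access.log`; a sudden rise in INVALID or in rarely used verbs is a useful signal when reviewing the log.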