Log Analysis

1. Write down the top 10 events in Windows and identify their event IDs

4624 / 4625 - successful and failed account logon (read together with the Logon Type field: 2 interactive, 3 network, 10 RemoteInteractive/RDP)
4648 - logon attempted with explicit credentials (runas, scheduled tasks, and a common sign of lateral movement)
4719 - system audit policy changed
1102 - audit log cleared
4723 - attempt made to change an account's password
4740 - user account locked out
4735 - security-enabled local group changed (membership or attributes of a group such as Administrators)
4782 - password hash of an account was accessed (logged on a domain controller)
4946 - rule added to the Windows Firewall exception list

2. Write down the top 10 events in Linux and identify their log pattern and the Linux log file they appear in


3. Identify the log file in Linux which logs service start and stop

The actions themselves are: start - sudo systemctl start name_service.service, stop - sudo systemctl stop name_service.service, enable - sudo systemctl enable name_service.service,
disable - sudo systemctl disable name_service.service. The record of them is written by systemd to the journal (journalctl -u name_service.service) and, where rsyslog forwards it, to /var/log/syslog on Debian/Ubuntu or /var/log/messages on RHEL/CentOS as "Started ..." / "Stopped ..." lines. Because the commands run through sudo, the caller and the exact systemctl command line are also recorded in /var/log/auth.log (Debian/Ubuntu) or /var/log/secure (RHEL/CentOS).
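As an added example (not part of the original answer), the following script pulls service start/stop events and the sudo-invoked systemctl commands out of syslog-style lines. The lines, hostname web01 and user alice are constructed sample data in the format systemd and sudo write to /var/log/syslog; point the same awk and sed at the real file to run it on a host.

```shell
#!/bin/sh
# Added example, not from the original page. The log lines below are
# constructed to look like what systemd and sudo write to /var/log/syslog on
# Debian/Ubuntu (or /var/log/messages on RHEL); host and user names are made up.
SAMPLE_SYSLOG='Mar  3 10:01:12 web01 systemd[1]: Starting OpenBSD Secure Shell server...
Mar  3 10:01:12 web01 systemd[1]: Started OpenBSD Secure Shell server.
Mar  3 10:05:40 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl stop ssh.service
Mar  3 10:05:40 web01 systemd[1]: Stopping OpenBSD Secure Shell server...
Mar  3 10:05:40 web01 systemd[1]: Stopped OpenBSD Secure Shell server.
Mar  3 10:06:02 web01 systemd[1]: Started Session 5 of user alice.
Mar  3 10:07:15 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl disable ssh.service'

# One line per completed state change: "Mon D HH:MM:SS host Started|Stopped <unit description>".
# "Starting"/"Stopping" are in-progress messages, so only the past-tense lines count.
# Note that user sessions are units too ("Started Session 5 ..."), so filter further
# on the unit description when you only want daemons.
service_events() {
    printf '%s\n' "$SAMPLE_SYSLOG" | awk '
        $5 == "systemd[1]:" && ($6 == "Started" || $6 == "Stopped") {
            desc = $0
            sub(/^.*systemd\[1\]: (Started|Stopped) /, "", desc)
            print $1, $2, $3, $4, $6, desc
        }'
}

# Who requested the change: sudo records the invoking user and the full COMMAND.
# Output is "user /path/to/systemctl verb unit".
systemctl_via_sudo() {
    printf '%s\n' "$SAMPLE_SYSLOG" \
        | grep -E 'sudo:.*COMMAND=.*systemctl (start|stop|enable|disable)' \
        | sed -E 's/^.* sudo: +([^ ]+) .*COMMAND=(.*)$/\1 \2/'
}

service_events
systemctl_via_sudo
# On a live host replace the printf with: cat /var/log/syslog (or journalctl -o short)
```

The service line and the sudo line share a timestamp, which is how you tie "Stopped OpenBSD Secure Shell server" back to the account that issued the stop; a Stopped event with no matching sudo or journal entry for the caller is the case worth investigating.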

4. Identify the log file in Linux which logs processes running or killed.

/var/log/kern.log (Debian/Ubuntu; the same kernel ring buffer is read with dmesg) records kernel-level process events such as the OOM killer terminating a process ("Out of memory: Killed process ...") and segmentation faults. Ordinary process starts and exits are not logged there by default: for those, auditd with an execve rule writes to /var/log/audit/audit.log, and process accounting (psacct/acct, queried with lastcomm) records every command that ran.

5. Identify the log file of Apache and find out the list of VERBs and the count of each using a Linux command

By default on Debian-based distributions such as Ubuntu, the access and error logs are in /var/log/apache2 (access.log and error.log). On CentOS/RHEL they are in /var/log/httpd (access_log and error_log). Each access-log line in the default "combined" format carries the request in a double-quoted field, and the HTTP verb (GET, POST, PUT, ...) is the first token of that field, so counting verbs means extracting that token and tallying it.
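The counting command itself, as an added example rather than text from the original answer. The access-log lines below are constructed in Apache's default "combined" LogFormat (the addresses are documentation ranges and the paths are made up) so the pipeline runs offline; the last line is a deliberately malformed request to show how such entries surface in the count.

```shell
#!/bin/sh
# Added example, not from the original page. Constructed sample lines in the
# Apache "combined" LogFormat; on a host use /var/log/apache2/access.log
# (Debian/Ubuntu) or /var/log/httpd/access_log (CentOS/RHEL) instead.
ACCESS_LOG='203.0.113.5 - - [03/Mar/2024:10:01:12 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [03/Mar/2024:10:01:13 +0000] "GET /login HTTP/1.1" 200 2301 "-" "Mozilla/5.0"
203.0.113.5 - - [03/Mar/2024:10:01:20 +0000] "POST /login HTTP/1.1" 302 0 "http://example.test/login" "Mozilla/5.0"
198.51.100.7 - - [03/Mar/2024:10:02:02 +0000] "GET /robots.txt HTTP/1.1" 404 196 "-" "curl/8.4.0"
198.51.100.7 - - [03/Mar/2024:10:02:03 +0000] "OPTIONS * HTTP/1.0" 200 0 "-" "curl/8.4.0"
198.51.100.7 - - [03/Mar/2024:10:02:05 +0000] "PUT /uploads/notes.txt HTTP/1.1" 403 199 "-" "curl/8.4.0"
198.51.100.7 - - [03/Mar/2024:10:02:06 +0000] "POST /wp-login.php HTTP/1.1" 200 1450 "-" "curl/8.4.0"
198.51.100.7 - - [03/Mar/2024:10:02:07 +0000] "\x16\x03\x01" 400 226 "-" "-"'

# Cut on the double quote to isolate the request field, then take its first
# token. Splitting the whole line on spaces would work for well-formed lines
# but breaks as soon as a user agent or referer contains spaces, and it makes
# it easy to pick the wrong column; the quote is the stable delimiter.
# A client speaking TLS to the plain-HTTP port (last line) gets counted under
# its raw bytes, which is a finding in its own right rather than noise.
verb_counts() {
    printf '%s\n' "$ACCESS_LOG" | cut -d'"' -f2 | awk '{print $1}' | sort | uniq -c | sort -rn
}

# Count of a single verb, for alerting on ones the site should never see
# (PUT, DELETE, TRACE, CONNECT). Prints 0 when the verb is absent.
count_verb() {
    printf '%s\n' "$ACCESS_LOG" | cut -d'"' -f2 | awk -v v="$1" '$1 == v' | wc -l | tr -d ' '
}

verb_counts
# Same pipeline against the real file:
#   cut -d'"' -f2 /var/log/apache2/access.log | awk '{print $1}' | sort | uniq -c | sort -rn
```

The output from the sample is GET 3, POST 2, then one each of OPTIONS, PUT and the raw TLS bytes; sort -rn puts the busiest verb first so the unusual ones sit at the bottom where a quick eye catches them.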

