1. Write down top 10 events in Windows and identify their event ID
event ID - 4624 /25 - successful and failed account log on , 4648 - system logon attempt with explicit credentials, 4719 -system audit policy changed, 1102 - audit logs cleared, 4723 - attempt made to change the password of account, 4740 - user account locked, 4735- priviledge local group modified, 4782 - password has an account was accessed, 4946- rule was added to windows firewall exception list.
2. Write down top 10 events in Linux and identify their pattern and log linux
3. Identify the log file in linux which log service
start - sudo systemctl start service.service, stop- sudo systemctl stop service.service, enable - sudo systemctl enable name_service.service,
disable - sudo systemctl disable name_service.service
4. Identify the log file in linux which log process running or killed.
5. Identify the log file of apache and find out list of VERB and count of each using linux command
Location of the Log Files By default on Debian-based distributions such as Ubuntu, access and error logs are located in the /var/log/apache2 directory. On CentOS the log files are placed in /var/log/httpd directory. Reading and Understanding the Apache Log Files