1. Write down the top 10 events in Windows and identify their event IDs
4624 - an account was successfully logged on
4625 - an account failed to log on
4648 - a logon was attempted using explicit credentials
4719 - system audit policy was changed
1102 - the audit log was cleared
4723 - an attempt was made to change an account's password
4740 - a user account was locked out
4735 - a security-enabled local group was changed
4782 - the password hash of an account was accessed
4946 - a rule was added to the Windows Firewall exception list
All of these land in the Security log, and most of them only appear when the matching audit subcategory is enabled. 1102 and 4719 deserve an alert on their own, since clearing the log or changing the audit policy is how an attacker hides the rest.
2. Write down the top 10 events in Linux and identify their pattern and log file
/var/log/messages - general system messages, the default syslog target on RHEL/CentOS
/var/log/auth.log - authentication and authorization events: logins, sshd, sudo, PAM (Debian/Ubuntu)
/var/log/secure - the same authentication events on RHEL/CentOS
/var/log/boot.log - messages written during the boot process
/var/log/dmesg - kernel ring buffer captured at boot (hardware and driver messages)
/var/log/kern.log - kernel messages (Debian/Ubuntu)
/var/log/faillog - per-user failed login counters; a binary file, read with the faillog command
/var/log/yum.log - packages installed, updated and removed by yum (RHEL/CentOS)
/var/log/httpd/ - Apache access and error logs on RHEL/CentOS (/var/log/apache2/ on Debian/Ubuntu)
/var/log/mysql.log - MySQL server log (the path depends on the server configuration; /var/log/mysql/ is also common)
On systemd hosts the same events are also held in the journal and can be read with journalctl, even when the text files above are not present.
3. Identify the log file in linux which logs service start|stop|enable|disable
The commands: start - sudo systemctl start name.service, stop - sudo systemctl stop name.service, enable - sudo systemctl enable name.service, disable - sudo systemctl disable name.service
Where they are logged: systemd writes service start and stop events to the journal, which is read with journalctl -u name.service; on hosts that forward the journal to syslog they also appear in /var/log/syslog (Debian/Ubuntu) or /var/log/messages (RHEL/CentOS). Because the commands are run through sudo, every one of them, enable and disable included, is recorded together with the invoking user in /var/log/auth.log (Debian/Ubuntu) or /var/log/secure (RHEL/CentOS) as a sudo entry whose COMMAND= field names systemctl.
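The two patterns from questions 2 and 3 pulled out of the authentication log, as an added example that is not part of the original page: failed SSH password attempts counted per source address, and systemctl start/stop/enable/disable commands recovered from the sudo entries. The log lines are constructed to stand in for /var/log/auth.log or /var/log/secure so the script runs offline; the threshold of 3 failures and the host and address values are assumptions for the demonstration.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Parses two patterns out of the
# authentication log (/var/log/auth.log on Debian/Ubuntu, /var/log/secure on
# RHEL/CentOS). The lines below are constructed sample data.

AUTH_SAMPLE='Oct 10 13:55:36 web01 sshd[2311]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Oct 10 13:55:38 web01 sshd[2311]: Failed password for root from 203.0.113.5 port 51236 ssh2
Oct 10 13:55:40 web01 sshd[2315]: Failed password for root from 203.0.113.5 port 51240 ssh2
Oct 10 13:56:01 web01 sshd[2320]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2: RSA SHA256:K3ZmQ
Oct 10 13:56:30 web01 sshd[2330]: Failed password for root from 198.51.100.7 port 40050 ssh2
Oct 10 13:57:00 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/systemctl stop apache2.service
Oct 10 13:57:20 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/systemctl disable apache2.service
Oct 10 13:58:00 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/apt update
Oct 10 13:58:30 web01 sshd[2340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.5  user=root'

# failed_logins FILE: count sshd "Failed password" events per source address,
# most active first. The address is the word after "from"; position varies
# because "invalid user" may or may not precede the user name.
failed_logins() {
    awk '/sshd\[[0-9]+\]: Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i+1)]++; break }
         }
         END { for (ip in n) print n[ip], ip }' "$1" | sort -rn
}

# brute_force_sources FILE THRESHOLD: addresses with at least THRESHOLD failures.
brute_force_sources() {
    failed_logins "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# service_changes FILE: who ran systemctl start/stop/enable/disable/restart on
# which unit. sudo logs "user : TTY=... ; PWD=... ; USER=... ; COMMAND=<cmd>",
# so split on COMMAND= and take the 6th whitespace field of the prefix (user)
# and the 2nd and 3rd words of the command (verb, unit).
service_changes() {
    awk -F'COMMAND=' '/ sudo: / && $2 ~ /systemctl (start|stop|enable|disable|restart) / {
            split($1, who, " ")
            split($2, cmd, " ")
            print who[6], cmd[2], cmd[3]
         }' "$1"
}

main() {
    f=$(mktemp)
    printf '%s\n' "$AUTH_SAMPLE" > "$f"
    echo "failed SSH logins per source:"
    failed_logins "$f"
    echo "sources at or above 3 failures:"
    brute_force_sources "$f" 3
    echo "service changes made through sudo:"
    service_changes "$f"
    rm -f "$f"
}

main
```

Against a live system the same functions take the real file, for example failed_logins /var/log/auth.log. Note that the pam_unix "authentication failure" line is deliberately not counted: it reports the same attempt as the sshd "Failed password" line, so matching both would double-count.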
4. Identify the log file in linux which logs processes running or killed.
/var/log/kern.log (on RHEL/CentOS /var/log/messages and dmesg) records only the process events the kernel itself reports, such as a segfault or a process killed by the OOM killer (messages containing "Out of memory" and "Killed process"). Ordinary process starts and exits are not written there. To record every executed command use auditd with an execve syscall rule (entries go to /var/log/audit/audit.log) or process accounting (psacct/acct, queried with lastcomm); processes that run as systemd units are tracked in the journal.
5. Identify the log file of apache and find out the list of HTTP verbs and the count of each using a linux command
By default on Debian-based distributions such as Ubuntu the access and error logs are /var/log/apache2/access.log and /var/log/apache2/error.log; on CentOS/RHEL they are /var/log/httpd/access_log and /var/log/httpd/error_log. In the default Common and Combined log formats the verb is the first word of the quoted request line of each access log entry, so the count comes from extracting that field and tallying it.
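The command the question asks for, as an added example that is not part of the original page: extract the request method from each access log line and count them. It assumes the default Common/Combined Log Format (request line is the first double-quoted field); the sample entries are constructed and the path is a placeholder, so with a real log you would pass /var/log/apache2/access.log or /var/log/httpd/access_log instead.

```bash
#!/usr/bin/env bash
# Added example, not from the original page: count HTTP verbs in an Apache
# access log. Assumes the default log format:
#   host ident user [time] "METHOD /path HTTP/x.y" status bytes "referer" "agent"
# The lines below are constructed sample data standing in for the real file.

SAMPLE_LOG='203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "POST /login HTTP/1.1" 302 0 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
192.0.2.9 - - [10/Oct/2023:13:57:10 +0000] "HEAD / HTTP/1.1" 200 0 "-" "nmap"
192.0.2.9 - - [10/Oct/2023:13:57:11 +0000] "OPTIONS * HTTP/1.1" 200 0 "-" "nmap"
192.0.2.9 - - [10/Oct/2023:13:57:12 +0000] "\x16\x03\x01" 400 0 "-" "-"
198.51.100.7 - - [10/Oct/2023:13:58:00 +0000] "GET /admin HTTP/1.1" 403 199 "-" "curl/8.0"'

# count_verbs FILE: print "count VERB" lines, most frequent first.
# Splitting on the double quote makes the request line field $2 regardless of
# spaces elsewhere in the entry; the verb is its first word. A request that is
# not a plain upper-case token (here a TLS ClientHello sent to the HTTP port,
# which Apache logs as escaped bytes) is reported as INVALID, not dropped,
# because garbage request lines are themselves worth noticing.
count_verbs() {
    awk -F'"' '
        {
            split($2, req, " ")
            verb = req[1]
            if (verb !~ /^[A-Z]+$/) verb = "INVALID"
            n[verb]++
        }
        END { for (v in n) print n[v], v }
    ' "$1" | sort -rn
}

# verb_count FILE VERB: number of requests using VERB, 0 if none.
verb_count() {
    count_verbs "$1" | awk -v v="$2" '$2 == v { print $1; found = 1 } END { if (!found) print 0 }'
}

main() {
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_LOG" > "$tmp"
    count_verbs "$tmp"
    rm -f "$tmp"
}

main
```

The one-liner form of the same pipeline for a live log is awk -F'"' '{split($2,r," "); print r[1]}' /var/log/apache2/access.log | sort | uniq -c | sort -rn; the function above only adds the INVALID bucket so malformed requests are counted rather than appearing as a stray blank or binary verb.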