Network Logs Monitoring and Analysis Flashcards
What is a log?
A collection of information/data on events generated in the form of an audit trail.
Describe these logging approaches:
1) Local
2) Centralized
1) Logs user activities on the host machine.
2) Stores the logs generated by network devices on a central server.
Describe these log event types:
1) Error
2) Warning
3) Information
4) Success Audit
5) Failure Audit
1) A significant problem such as loss of data or loss of functionality.
2) Not significant but may indicate a future problem.
3) Describes a successful operation of an application, driver, or service.
4) An audited security access attempt that is successful.
5) An audited security access attempt that fails.
Where are Linux logs located?
They are located in the /var/log directory, where they are categorized by log type: auth, kern, cron, boot, httpd, mysql.
Describe these Linux commands:
1) cat
2) tail
3) head
4) less
5) more
6) grep
1) Displays the contents of a file.
2) Displays the last 10 lines of a file.
3) Displays the first 10 lines of a file.
4) Displays the contents of a file one page (screen) at a time.
5) Displays as many lines of a text file as fit on the screen at a time.
6) Searches for a specific string in a file.