Section 4

Question 1

What do system logs track?

Answer 1

System shut down and driver failure

Question 2

What do security logs track?

Answer 2

Successful and unsuccessful log on attempts

Question 3

What do application logs track?

Answer 3

OS and third party app events

Question 4

Where do you look for the logs?

Answer 4

/var/logs and event viewer and SYSLOG

Question 5

What is the BEST way to look at logs?

Answer 5

SYSLOG server

Question 6

What are the 3 versions of SYSLOG in order from oldest to newest?

Answer 6

SYSLOG, RSYSLOG (Linux), SYSLOG-NG (Linux)

Question 7

What is netflow for?

Answer 7

Created by Cisco. Collects IP network traffic. It gives a summary of how traffic is flowing in or out of the network. It is not a packet capture tool.

It gives information such as who is using the most bandwidth and why is traffic spiking at certain times.

Question 8

What is sflow short for and what is its purpose?

Answer 8

Sampled Flow; its an open source version of netflow. It exports a samples of network flows.

Question 9

What is Internet Protocol Flow Information Export (IPFix)?

Answer 9

It’s essentially a standardized system that tracks information for billing/accounting systems. Phone companies use this to track your minutes and data usage in order to bill you based on your usage.

Question 10

What is Metadata?

Answer 10

It’s analytical data about data.

Question 11

What is journalctl used for?

Answer 11

Linux command line to query and display logs from journald which is the systemd logging service on linux.

Question 12

What is nxlog?

Answer 12

Cross-platform, open source. Very similar to RSYSLOG, and SYSLOG-NG, except that it can work on Windows.