System monitoring

Question 1

log

Answer 1

records system events. startup, driver loaded, logon. time of event, user who caused it, etc.

Question 2

the act of creating logs

Answer 2

logging

Question 3

where is the Windows log?

Answer 3

The Event Viewer

Question 4

some reasons to use event viewer:

Answer 4

curious, crashing game, logon, first step.

Question 5

what to type in run box to get event viewer:

Answer 5

eventvwr.msc

Question 6

what does the default view of Event Viewer show?

Answer 6

the summary of potentially important recent events

Question 7

what can you see in the left hand pane of event viewer?

Answer 7

a few different groups of event types?

Question 8

what is custom views in event viewr?

Answer 8

you can make a filter that will look across all event logs and get what you want, specifically, rather than digging through everything you don’t want.

Question 9

how do you make a custom view of error severtity and critical or higher events logged in the last hour?

Answer 9

create custom view in right hand actions pane, filter, error and critical checkboxes, log: drop down menu: last hour, event logs: Windows logs. Ok. View:, View name:

Question 10

what are Windows category logs?

Answer 10

event logs applying to the whole OS. driver issues during startup, for example.

Question 11

where are security logs?

Answer 11

in windows log category logs.

Question 12

what are applications and service logs?

Answer 12

logs that track events from a single application or os component instead of the system-wide events.

Question 13

where could you check if you were having trouble with PowerShell and wanted information about it?

Answer 13

applications and services, PowerShell

Question 14

what does each line in a given log in the Event Viewer represent?

Answer 14

an event

Question 15

what does each event contain?

Answer 15

information grouped in columns about the event. logging level, information, critical, date and time, detailed info if event is selected, in the bottom of the event viewr.

Question 16

why look at more detailed info?

Answer 16

to dig into troubleshooting or give context for a bug report

Question 17

Where are logs in Linux stored

Answer 17

/var/log

Question 18

what does /var stand for?

Answer 18

Variable

Question 19

What are variable files

Answer 19

files that constantly change

Question 20

why are logs kept in the /var folder?

Answer 20

they’re constantly changing

Question 21

what is /var/log/auth.log?

Answer 21

authorization, Security related events

Question 22

what is /var/log/kern.log?

Answer 22

Kernel messages

Question 23

what is /var/log/dmesg

Answer 23

System start up messages

Question 24

What log file on a Linux system logs pretty much every log on your system

Answer 24

/var/log/syslog

Question 25

what does syslog not log by default?

Answer 25

off events

Question 26

what should be your first stop when looking at Linux logs if you don’t have a very specific idea of what is the problem?

Answer 26

/var/log/syslog

Question 27

How does Linux clean out old log files to make room for new ones

Answer 27

log rotation, Log rotate,

Question 28

How can you make sure that you have access to logs from a month ago

Answer 28

change your log rotation settings in Linux So that your machine won’t delete your old logs

Question 29

What is centralized logging used for

Answer 29

managing multiple machines and trying to see the logs from each of those machines

Question 30

What is the first field in an event log

Answer 30

the time stamp when an event occurred

Question 31

What is a long string of numbers sort of time stamp format called? ex 150-153-8594

Answer 31

Unix epoch time

Question 32

What is unix epoch time used to represent

Answer 32

Number of seconds since midnight on January first nineteen seventy, For unix based computers to anchor their concept of time out of Coordinated universal time, utC

Question 33

Log rotate supplemental reading link

Answer 33

https://manpages.ubuntu.com/manpages/oracular/en/man8/logrotate.8.html

Question 34

but command rotates compresses and mails system logs

Answer 34

logrotate

Question 35

What does the force parameter do for log rotate

Answer 35

forces log rotate to force the rotation even if it doesn’t think this is necessary

Question 36

What is the first thing that you look for if you’re not sure what the issue is

Answer 36

the word error

Question 37

what if you’re saying an issue with a specific application what can you search for?

Answer 37

the application name in the logs

Question 38

how to get error from logs in Linux:

Answer 38

less /var/log/syslog | grep error

Question 39

how do you check timestamps for errors that happened at a specific time?

Answer 39

less /var/log/syslog , and look for the right timestamp

Question 40

What should you do would you get to a log portion that might help you uncover the problem that you’re looking for?

Answer 40

start looking at the output from either the top or bottom

Question 41

What happens if you resolve a root issue

Answer 41

you resolve the problems it causes

Question 42

When do you want to work from the bottom up?

Answer 42

if you weren’t seeing any issues you can figure it in the log so you can figure things out if you come across a clue

Question 43

How can you look at logs in real time

Answer 43

tail command

Question 44

tail -f /var/log/syslog

Answer 44

keep in an open window, and make an event happen, watch the events that get logged to track in real time.

Question 45

what must be true to connect ssh to a client?

Answer 45

ssh is installed on client, ssh server is running on host you want to connect to, you need to specify a hostname to ssh into