Synopsis Linux Log Analysis

Log Analysis is very important because it allows us to trace back in time and see what happened or who did it. Log Analysis is not specific to Linux, but Linux is a very popular operating system. The objective of this module is to reinforce the importance of log analysis, whether done manually or with specialized tools. We go over the important Linux logs that are valuable to Forensics Investigators. We close the presentation by looking at the 5 main open source tools that you can download, install and start using right now.

What is Linux?
Give an example of where Linux is used
What is a Log file?
Are all Log files the same? Why? Why not?
Where are Log files normally stored?
Describe the most important Apache Log files.
What is the auth.log?
What information is contained in the wtmp.log, and how would you view its contents?
Name three additional Linux log files not previously mentioned.
What is the Linux command to watch a log file for changes?
What is the Linux command to search for 'system crashed' in example.log?
For Log Analysis, why is using tools better than doing it manually?
Name three Log Analysis tools for Linux.
Out of the three tools listed in the previous question, which one is your favorite and why?
By whom, when and where was Linux created?


http://en.wikipedia.org/wiki/History_of_Linux
http://httpd.apache.org/docs/1.3/logs.html
https://help.ubuntu.com/community/LinuxLogFiles
http://www.thegeekstuff.com/2011/08/linux-var-log-files/
http://dev.mysql.com/doc/refman/5.1/en/using-log-files.html
http://www.forensicswiki.org/wiki/Tools
http://sourceforge.net/projects/security-onion/
http://kufli.blogspot.com/2013/07/log-analysis-using-logstash.html
http://www.ossec.net/
http://docs.splunk.com/Documentation/PCI/2.1.1/DataSource/Example2OSSEC
http://www.awstats.org/
