Logs

Logs may show useful information such as:
- login attempts
- network traffic
- accessed files, websites…
- password changes
- app errors

Locations

Windows

Windows Event Viewer
- Application
- Security
- Setup
- System

Linux

/var/log
- Authentication
- Package Management - newly installed packages etc.
- Syslog - background jobs like services starting and stopping, cron jobs…
- Kernel

Analysing

Manual

grep searches for text inside files, whereas find searches for the files themselves.
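A manual review of login attempts in an authentication log, as an added example that is not part of the original notes. It assumes OpenSSH's "Failed password for" message format; the log lines, the function names and the threshold of 3 are constructed for illustration.

```shell
#!/bin/sh
# Added example: all log lines below are constructed sample data.

# Write constructed sshd/cron entries (syslog format) to the file given as $1.
make_sample_log() {
    cat > "$1" <<'EOF'
Jan 10 03:12:01 host1 sshd[2211]: Failed password for root from 203.0.113.7 port 50122 ssh2
Jan 10 03:12:04 host1 sshd[2211]: Failed password for root from 203.0.113.7 port 50122 ssh2
Jan 10 03:12:09 host1 sshd[2214]: Failed password for invalid user admin from 203.0.113.7 port 50130 ssh2
Jan 10 03:15:40 host1 sshd[2290]: Accepted password for alice from 198.51.100.23 port 41234 ssh2
Jan 10 03:20:11 host1 sshd[2301]: Failed password for alice from 198.51.100.23 port 41240 ssh2
Jan 10 03:21:00 host1 CRON[2310]: pam_unix(cron:session): session opened for user root
EOF
}

# Print "<count> <source-ip>" for failed SSH password attempts, busiest first.
failed_logins_by_ip() {
    grep -E 'sshd\[[0-9]+\]: Failed password for ' "$1" \
        | grep -oE 'from [0-9]+(\.[0-9]+){3}' \
        | awk '{ print $2 }' \
        | sort | uniq -c | sort -rn \
        | awk '{ print $1, $2 }'
}

# Print source IPs with at least $2 failed attempts (threshold is an assumption).
noisy_sources() {
    failed_logins_by_ip "$1" | awk -v min="$2" '$1 >= min { print $2 }'
}

# find locates the log files (here: *.log under $1 modified in the last $2
# days); grep, used above, then searches inside them.
recent_logs() {
    find "$1" -type f -name '*.log' -mtime -"$2"
}

# Stand-alone demo: run the script with --demo to see the summary.
if [ "${1:-}" = "--demo" ]; then
    dir=$(mktemp -d)
    make_sample_log "$dir/auth.log"
    for f in $(recent_logs "$dir" 1); do
        failed_logins_by_ip "$f"
    done
    rm -rf "$dir"
fi
```

On a real host the file to read is typically /var/log/auth.log (Debian, Ubuntu) or /var/log/secure (RHEL and derivatives).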

Flags

Automatic

Tools like Splunk can be used. Such tools are called SIEMs - Security Information and Event Management.