Overview

Introduction

The Introduction to Syslog module provides you with the instructions and devices to develop your hands-on skills in the following topics:

  • Syslog Forwarder
  • Syslog Collector
  • Syslog Analysis

A security policy should state clearly how your company approaches logging services: how it collects, manages, and uses log information, which assets need to be protected and by whom, and by what methods the company uses the collected data.

From an internal perspective, we will use syslog to investigate, in detail, problems and errors in services and processes running within a Windows system that are not directly visible without interrogation.

Lab time: It will take approximately 1 hour to complete this lab.

Exam Objectives

The following exam objectives are covered in this lab:

  • CS0-001 1.1 Given a scenario, apply environmental reconnaissance techniques using appropriate tools and processes
  • CS0-001 1.2 Given a scenario, analyze the results of a network reconnaissance
  • CS0-001 3.2 Given a scenario, prepare a toolkit and use appropriate forensics tools during an investigation
  • CS0-001 4.3 Given a scenario, review security architecture and make recommendations to implement compensating controls
  • CS0-001 4.5 Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies

Exercise 1 - Syslog Forwarder

The syslog forwarder collects event information from the device (in this case, a Windows host) and pushes the logs to the collector. The forwarder is essentially just an agent; it can perform some basic filtering by selecting which files to forward.

In this exercise, you will learn to use tools that gather error information about a domain and forward error information and alerts from systems to a collector:

  • Auditing Windows Logon
  • Syslog Forwarding

Exercise 2 - Syslog Collector

The collector listens on the ports and protocols configured for syslog, typically UDP or TCP. It then uses filters to display information according to the administrator's interests; for example, filters and actions can be arranged so that only security information from all devices is displayed on one screen and saved to a specific file.

In this exercise, you will learn how to use the syslog collector to gather all the information in one place and view its details:

  • Syslog Collector
  • Syslog Filtering

Exercise 3 - Syslog Analysis

Syslog can produce very large quantities of information from even a single reporting machine; with a full network of devices reporting to a central resource, the volume of logs to review becomes tiresome and problematic. Some basic diagnostics can be applied first to quickly identify the critical errors that need attention; here we will review those capabilities.

In this exercise, you will learn the following:

  • Syslog Diagnostic Information
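As an added example (not part of the lab's own materials), the Python script below shows the two operations the collector (Exercise 2) and the analysis step (Exercise 3) rely on: it decodes the syslog PRI field into facility and severity, keeps only security (auth/authpriv) events, and lists critical-or-worse events first. The sample lines, host name and messages are constructed for illustration, not captured from a real system.

```python
import re

# Constructed sample of BSD-syslog lines as a Windows forwarder might send
# them to a collector. Host name and messages are made up for this example.
SAMPLE_LINES = [
    "<38>Oct 11 22:14:15 WIN-SRV01 Security: An account failed to log on. User: jsmith",
    "<14>Oct 11 22:14:16 WIN-SRV01 Service Control Manager: The Print Spooler service entered the running state.",
    "<34>Oct 11 22:14:17 WIN-SRV01 Security: Audit log was cleared.",
    "<10>Oct 11 22:14:18 WIN-SRV01 System: Disk volume C: is out of space.",
    "<86>Oct 11 22:14:19 WIN-SRV01 Security: Special privileges assigned to new logon.",
]

SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITY = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp", "cron",
            "authpriv", "ftp", "ntp", "audit", "alert", "clock"] + [f"local{i}" for i in range(8)]
SECURITY_FACILITIES = {"auth", "authpriv"}

# BSD syslog (RFC 3164) line layout: <PRI>TIMESTAMP HOSTNAME TAG: MESSAGE
_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:]+): ?(?P<msg>.*)$"
)

def parse_line(line):
    """Decode one line; PRI = facility * 8 + severity. Returns None if malformed."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # 23 * 8 + 7 is the largest legal PRI value
        return None
    return {"facility": FACILITY[pri // 8], "severity": pri % 8, "level": SEVERITY[pri % 8],
            "host": m.group("host"), "tag": m.group("tag"), "msg": m.group("msg")}

def parse_lines(lines):
    """Parse many lines, dropping the malformed ones a collector would reject."""
    return [r for r in map(parse_line, lines) if r is not None]

def security_only(records):
    """Collector-style filter: keep only auth/authpriv (security) events."""
    return [r for r in records if r["facility"] in SECURITY_FACILITIES]

def critical_first(records, worst=2):
    """Triage: events at severity 'crit' (2) or more urgent, most urgent first."""
    return sorted((r for r in records if r["severity"] <= worst), key=lambda r: r["severity"])
```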
