jgalarza2 | Computer and Hacking Forensics | Module 15 – Log Capturing and Event Correlation

By: jgalarza2 | Related Course: Computer Hacking and Forensics | Published: November 6, 2017 | Modified: November 7, 2017

Log Capturing and Event Correlation – Kiwi SysLog Server Lab

Next in our Log Capturing and Event Correlation lab series we look at Kiwi SysLog Server. Kiwi SysLog Server is an easy-to-use, Windows-based syslog server that collects log messages sent over the network by other hosts and devices; its free edition accepts messages from up to five log sources, while the licensed edition removes that limit.
You'll walk through its installation step by step, see how Kiwi SysLog Server operates in general, and see how it captures and records syslog events sent by Windows, Linux and UNIX systems, which differ in how they format and forward their logs.
You'll also learn why the log storage format chosen during installation matters for compatibility with other reporting tools, and why the listening ports (syslog's standard UDP port 514, plus any TCP listener you enable) must be allowed through the host firewall, or no messages will ever arrive.


Log Capturing and Event Correlation – Installing syslog-ng Lab

This lab in the Log Capturing and Event Correlation lab series introduces you to the open source event log tool, syslog-ng.
The syslog-ng lab shows how to install this multi-platform tool from the package manager and repositories of the platform it will run on, using both a UNIX and a Linux system to demonstrate where the steps differ.
You'll learn how it collects messages from devices across the network and writes them out using the host's native logging facilities.


Log Capturing and Event Correlation – Event Log Analyzer7 Lab

Welcome to Module 15 of the Computer Hacking and Forensics course, Log Capturing and Event Correlation. This module discusses the log capture process and how captured log entries are correlated with a single event or with a sequence of related events.
The hands-on demonstrations you'll engage in as part of the Log Capturing and Event Correlation module include the following labs:
Event Log Analyzer7 Lab
Event Log Explorer Lab
Installing syslog-ng Lab
Kiwi SysLog Server Lab
Log Analysis Lab
Event Log Analyzer7 Lab
The first lab in our Log Capturing and Event Correlation lab series introduces you to Event Log Analyzer7, one of the more comprehensive compliance and event log management tools on the market.
The demonstrations show you how Event Log Analyzer7 centralizes log collection and presents system-wide detail graphically. Its spreadsheet-style layout collects, lists, analyzes and archives event logs.
You'll also observe how Event Log Analyzer7 performs log forensic analysis, monitors file integrity, ranks the top hosts and offending users behind the events it sees, and tracks user-privilege logs.
You'll also see how it functions as a compliance instrument, producing trend and user-activity reports you can include in your documentation. For example, it generates detailed FISMA, SOX, HIPAA, PCI DSS and other compliance reports.


Log Capturing and Event Correlation – Event Log Explorer Lab

Our next lab introduces you to Event Log Explorer. From an investigator's and an auditor's perspective, we discuss how to use Event Log Explorer to review and analyze event logs and reveal anomalies.
Event Log Explorer is a log viewer with a strong visual presentation. You'll learn how effective it is at analyzing and monitoring the security, system and application events recorded in the Windows Security, System and Application logs.


Log Capturing and Event Correlation – Log Analysis Lab

For the final demonstration in our Log Capturing and Event Correlation lab series we discuss log analysis as a follow-up to the syslog-ng lab demonstration.
We discuss at length the rsyslog configuration file, rsyslog.conf, and its reference documentation (rsyslog-conf.html), using the Linux deployment of syslog.
We analyze the configuration options in depth and go on to look at the actual configuration syntax: the selector lines that pair a facility (auth, authpriv, cron, kern, mail and so on) and a severity with a destination file. You'll come away knowing how the auth, syslog, cron, kern and mail log files are set up, why they differ, where and why some of them overlap (one message can match several selectors and be written to more than one file), and which rules act on their own versus in combination.
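The routing logic those selector lines express can be exercised without a running daemon. The script below is an added example written for these notes, not code from the course or from rsyslog: it decodes the <PRI> header of syslog messages into facility and severity, compiles a few selector lines written in the style of the stock Debian/Ubuntu rsyslog rules (auth.log, syslog, kern.log, mail.log, mail.err, plus a cron.log rule), and shows which files each message lands in. The message lines are constructed for the demo, and the cron.log destination is assumed rather than taken from any particular distribution's defaults.

```python
"""Route syslog messages by facility/severity the way rsyslog.conf selectors do.

Added example, not from the course or from rsyslog itself.  The selector lines
imitate the stock Debian/Ubuntu rsyslog rules; the log lines are constructed.
"""
import re

# RFC 5424 facility codes 0-23 and severity codes 0-7 (PRI = facility * 8 + severity).
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITY_CODE = {name: code for code, name in enumerate(FACILITIES)}
SEVERITY_CODE = {name: code for code, name in enumerate(SEVERITIES)}

PRI_RE = re.compile(r"^<(\d+)>")


def decode_pri(line):
    """Return (facility, severity) from the leading <PRI>.  RFC 3164 says a
    message that arrives without a PRI is treated as <13>, i.e. user.notice."""
    m = PRI_RE.match(line)
    pri = int(m.group(1)) if m else 13
    if pri > 191:                      # 23 * 8 + 7 is the largest legal value
        raise ValueError("PRI out of range: %d" % pri)
    return pri // 8, pri % 8


def compile_selector(selector):
    """Turn 'auth,authpriv.*' or '*.*;auth,authpriv.none' into a predicate.

    Classic syslog.conf semantics: 'fac.sev' matches that severity and anything
    more severe, 'none' drops the facility entirely, and a later selector on the
    same line overrides earlier ones for the facilities it names."""
    rules = []
    for part in selector.split(";"):
        fac_part, _, sev_part = part.strip().rpartition(".")
        facs = None if fac_part == "*" else {FACILITY_CODE[f] for f in fac_part.split(",")}
        if sev_part == "none":
            max_sev = None
        elif sev_part == "*":
            max_sev = SEVERITY_CODE["debug"]   # debug and above, i.e. everything
        else:
            max_sev = SEVERITY_CODE[sev_part]
        rules.append((facs, max_sev))

    def matches(facility, severity):
        verdict = False
        for facs, max_sev in rules:            # last applicable selector wins
            if facs is None or facility in facs:
                verdict = max_sev is not None and severity <= max_sev
        return verdict
    return matches


# Selector -> destination, in the style of /etc/rsyslog.d/50-default.conf.
# auth/authpriv are excluded from syslog, so credentials-related lines live only
# in auth.log; mail.err overlaps mail.log so mail errors are written twice.
RULES = [
    ("auth,authpriv.*", "/var/log/auth.log"),
    ("*.*;auth,authpriv.none", "/var/log/syslog"),
    ("cron.*", "/var/log/cron.log"),          # assumed destination for the demo
    ("kern.*", "/var/log/kern.log"),
    ("mail.*", "/var/log/mail.log"),
    ("mail.err", "/var/log/mail.err"),
]
COMPILED = [(compile_selector(sel), dest) for sel, dest in RULES]


def route(line):
    """Return every destination file a message lands in (overlap is normal)."""
    facility, severity = decode_pri(line)
    return [dest for matches, dest in COMPILED if matches(facility, severity)]


def describe(line):
    """Human-readable facility.severity for a message, e.g. 'auth.info'."""
    facility, severity = decode_pri(line)
    return "%s.%s" % (FACILITIES[facility], SEVERITIES[severity])


# Constructed sample messages (not real captures).
SAMPLE_LINES = [
    "<38>Nov  6 10:01:02 host sshd[1234]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2",
    "<86>Nov  6 10:01:03 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; COMMAND=/bin/ls",
    "<78>Nov  6 10:05:01 host CRON[1300]: (root) CMD (run-parts /etc/cron.hourly)",
    "<19>Nov  6 10:06:10 host postfix/smtp[1400]: 9F2A1: to=<bob@example.com>, status=bounced",
    "<0>Nov  6 10:07:00 host kernel: Kernel panic - not syncing: Fatal exception",
    "Nov  6 10:08:00 host app: message that arrived without a PRI header",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print("%-15s -> %s" % (describe(line), ", ".join(route(line))))
```

Running it shows the point the lab makes: the sshd and sudo lines (auth.info, authpriv.info) go only to auth.log because the syslog rule excludes those facilities, the cron and kernel lines land in both syslog and their own file, and the bounced-mail line (mail.err) is written to three files. When a forensic timeline seems to be missing an event, check which selector the message's facility hit before concluding the log was tampered with.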

