Time: 2 hours 19 minutes
Difficulty: Beginner
CEU/CPE: 3

Video Transcription

00:00
Hello, everyone, and welcome back to the course Identifying Web Attacks Through Logs. I am Igor Vieira. In the last video, we talked about HTTP and TCP/IP.
00:11
In this video, we start talking about web server logs.
00:15
The learning objectives of this video are: understand the importance of logs; understand the web server log information;
00:23
review the Apache, Nginx and IIS log structure;
00:27
and perform an initial analysis. This is, of course, a course about logs. But what are logs? Why are logs so important?
00:37
One of the definitions of a log is a piece of wood.
00:41
This definition does not make sense to us,
00:44
so, of course, we use the second definition,
00:47
which says that a log is a written record of an event,
00:52
and the web server is in charge of generating this log.
00:56
Now that we know the definition of a log, we need to know why logs are important.
01:00
Suppose you are a SOC analyst
01:03
and you receive a call from an end user telling you that the computer
01:07
is acting weird.
01:08
If you do not have the logs, you need to go to the user's computer and check it manually,
01:15
and it can be too late.
01:18
But if you have the logs, you can tell the user that everything is okay because you checked the logs, and the logs say that the antimalware removed the malicious software. And in some cases you will have the web access log showing that the user visited a malicious website
01:37
and got infected.
01:38
The more logs you have, the more sure you can be. That's why logs are so important.
01:45
Also, the logs will help you understand your infrastructure and applications,
01:49
so you can monitor them.
01:52
They will also help you with things like troubleshooting.
01:55
Logs are so important that the OWASP project included lack of logging as a vulnerability in the 2017 version.
02:04
If you do not know what OWASP is, don't worry. We'll talk about it later.
02:09
Logs can help you a lot.
02:12
And if you work, or are planning to work, as a SOC analyst, it is important to know what you need to protect,
02:19
because you cannot protect what you do not know.
02:23
Since the log is a record,
02:24
we need to store it.
02:27
There are two basic ways to do it:
02:30
local or remote.
02:31
Local: you save all the logs in the same place where they were generated,
02:36
and remote is used when you need to send the logs to another place, maybe because you cannot store them locally or you want another copy.
02:46
Remote logging is useful because you can have other logs in the same place. If you have many servers, it will help to have all the logs in the same place.
02:55
So let's start talking about web application and web server logs.
03:00
Most of the time, we can split the information into some questions:
03:06
who did the action, when was the action performed, and what was the action?
03:12
Most of the attacks will be detected here.
03:15
This is a really simple web server log;
03:17
we can easily find in the log what happened.
03:22
The IP address and user name are the who, date and time are the when,
03:28
and the request is the what.
03:30
Now, one more example.
03:32
It is important to know that empty fields are not allowed, so it is not uncommon to see a hyphen.
03:38
The hyphen means no information for that field.
03:43
Let's analyze our log example.
03:45
First we have the IP address.
03:47
The next field is related to RFC 1413,
03:53
but this field is not really common in the logs.
03:57
It depends on the web server and the web application.
04:00
The next field is the user ID,
04:03
followed by the date and time.
04:05
The date and time format depends on the configuration of the web server.
04:11
The next field contains a lot of information:
04:14
the HTTP method used by the client,
04:16
the file requested by the client, and the HTTP version.
04:21
After that we have the status code, the size in bytes of the answer, the referer, and the user agent.
04:30
Just so you know, this was an Apache web server log. It's simple.
04:33
Okay, now that I know the log fields, what can I do with them? We always need to answer the three questions,
04:42
who, when and what, and the log will help us.
04:47
Let's check what information each field can tell us. The source IP and user ID would say who;
04:55
the date and time say when; and the other fields explain what happened.
05:00
Just to clarify the value of each field:
05:03
logs are used to rebuild the user's behavior from their actions.
05:09
In this example, the log would tell us that the user with IP 10.3.89.4 was logged in and accessed another web page,
05:20
an HTML file.
05:24
The user sent it using Mozilla Firefox,
05:29
and the web server answered with a 200, so no errors.
05:38
The RFC 1413 field would tell us the user behind the request. It helps identify who did the action,
05:47
and it is useful if you lack user ID information. But as we said before, it's rare to see a web server using this field.
05:59
Here are more examples.
06:00
Take some time and analyze these web server logs.
06:04
First we have the source IP address,
06:08
after that we have the date and time,
06:12
followed by the user request
06:15
and the user agent.
06:16
You can see in this last line that almost all the log fields are important and you will be using them during the analysis.
06:26
Now, the only thing missing is the answer to the questions who, when and what.
06:32
Here we have the who.
06:34
We only have information about the client IP address.
06:39
The date is the answer to the when question,
06:43
and all the other information is the answer to the what question.
06:47
This slide shows a summary of important log fields and their descriptions.
06:53
It is important to distinguish the log fields because it will help you analyze the web server logs.
06:59
Spend some time and take notes. If you want a good place to get more information, it is the Apache website.
07:06
This lesson continues in the next video.
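As an added example (not part of the course or the instructor's material), the Python script below parses constructed log lines in the Apache/Nginx "combined" format discussed in this video, treats a hyphen as "no information for that field", and maps each entry to the three analyst questions: who, when and what. It also lists responses the server answered with a 4xx or 5xx status, since a 200 means no error. The hosts, user names, paths, timestamps and user agents in the sample are invented for this example.

```python
import re
from datetime import datetime

# Constructed sample lines in the Apache/Nginx "combined" log format.
# Hosts, users, paths and timestamps are invented for this example.
SAMPLE_LOG = """\
10.3.89.4 - alice [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "http://example.test/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"
10.3.89.4 - - [10/Oct/2023:13:55:40 +0000] "GET /admin/ HTTP/1.1" 403 - "-" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"
192.0.2.7 ident-user bob [10/Oct/2023:13:56:02 +0000] "POST /login HTTP/1.1" 302 0 "-" "curl/8.1.2"
"""

# Field order of the combined format: remote host, RFC 1413 ident, authenticated
# user, [date/time], "request", status, bytes, "referer", "user agent".
# The referer/user-agent pair is optional so plain "common" format lines parse too.
COMBINED_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<authuser>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?$'
)

TIME_FORMAT = "%d/%b/%Y:%H:%M:%S %z"  # Apache default, e.g. 10/Oct/2023:13:55:36 +0000


def _field(value):
    """A hyphen means 'no information for this field', so map it to None."""
    return None if value in (None, "-", "") else value


def parse_line(line):
    """Return a dict of typed fields for one log line, or None if it does not match."""
    match = COMBINED_RE.match(line.strip())
    if match is None:
        return None
    raw = match.groupdict()
    # The request field packs three things: method, requested file, HTTP version.
    parts = raw["request"].split(" ", 2)
    method, path, version = (parts + [None, None, None])[:3]
    size = _field(raw["bytes"])
    return {
        "host": raw["host"],
        "ident": _field(raw["ident"]),
        "authuser": _field(raw["authuser"]),
        "time": datetime.strptime(raw["time"], TIME_FORMAT),
        "method": _field(method),
        "path": _field(path),
        "version": _field(version),
        "status": int(raw["status"]),
        "bytes": int(size) if size is not None else None,
        "referer": _field(raw["referer"]),
        "agent": _field(raw["agent"]),
    }


def parse_log(text):
    """Parse every non-empty line; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def summarize(entry):
    """Answer the three analyst questions (who, when, what) for one entry."""
    # Who: the user name when the server recorded one, otherwise only the client IP.
    who = entry["host"] if entry["authuser"] is None else f'{entry["authuser"]}@{entry["host"]}'
    # When: the request timestamp in ISO 8601 form.
    when = entry["time"].isoformat()
    # What: the action taken and how the server answered it.
    what = f'{entry["method"]} {entry["path"]} -> {entry["status"]}'
    return {"who": who, "when": when, "what": what}


def error_responses(entries):
    """Entries the server answered with a 4xx or 5xx status; a 200 means no error."""
    return [e for e in entries if e["status"] >= 400]


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(summarize(e))
```

The second sample line shows both hyphen cases the video mentions: no user ID and no response size, which the parser reports as None rather than as the literal "-". The ident field is kept separately because, as the video notes, it is rarely populated but does help identify who made the request when it is.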

Up Next

Identifying Web Attacks Through Logs

This course will review web application infrastructure, web servers, and the logs associated with them. We will also simulate 10 attack scenarios and identify the attack through logs that are generated by the web server.

Instructed By

Igor Vieira
Information Security Analyst
Instructor