Question
Working individually you will choose five log files.
For each of the logs you should perform the following tasks:
· Describe the log
· Create a script that may be useful in managing the log
· Illustrate why the script would be useful
· Create one regular expression that may be useful in analyzing the log
· Describe the rules that dictate the pattern of the regular expression
· Illustrate why the regular expression would be useful.
· (The regular expression should be part of the script)
When describing the log please provide 4 - 5 sample lines and discuss them briefly.
The five logs should be divided as follows:
· Three logs generated by the system (for example: daemon, kern, syslog)
· Two logs generated by installed applications (for example: mysql,
Here are the five logs:
************ [/var/log/message: General message and system related stuff ] ************
Jul 17 22:04:25 router dnsprobe[276]: dns query failed
Jul 17 22:04:29 router last message repeated 2 times
Jul 17 22:04:29 router dnsprobe[276]: Primary DNS server Is Down... Switching To Secondary DNS server
Jul 17 22:05:08 router dnsprobe[276]: Switching Back To Primary DNS server
Jul 17 22:26:11 debian -- MARK --
Jul 17 22:46:11 debian -- MARK --
Jul 17 22:47:36 router -- MARK --
Jul 17 22:47:36 router dnsprobe[276]: dns query failed
Jul 17 22:47:38 debian kernel: rtc: lost some interrupts at 1024Hz.
Jun 17 22:47:39 debian kernel: IN=eth0 OUT= MAC=00:0f:ea:91:04:07:00:08:5c:00:00:01:08:00 SRC=61.4.218.24 DST=192.168.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=21599 DF PROTO=TCP SPT=59297 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
************ [/var/log/auth.log: Authentication log] ************
Aug 18 11:00:57 izxvps sshd[5657]: Failed password for root from 95.58.255.62 port 38980 ssh2
Aug 18 23:08:26 izxvps sshd[5768]: Failed password for root from 91.205.189.15 port 38156 ssh2
Aug 18 23:08:30 izxvps sshd[5770]: Failed password for nobody from 91.205.189.15 port 38556 ssh2
Aug 18 23:08:34 izxvps sshd[5772]: Failed password for invalid user asterisk from 91.205.189.15 port 38864 ssh2
Aug 18 23:08:38 izxvps sshd[5774]: Failed password for invalid user sjobeck from 91.205.189.15 port 39157 ssh2
Aug 18 23:08:42 izxvps sshd[5776]: Failed password for root from 91.205.189.15 port 39467 ssh2
************ [/var/log/kern.log: Kernel logs] ************
May 8 03:07:40 chad last message repeated 1585 times
May 8 03:08:40 chad last message repeated 1587 times
May 8 03:08:58 chad last message repeated 527 times
May 8 03:08:58 chad kernel: apm: BIOS version 1.2 Flags 0x07 (Driver version 1.16ac)
May 8 03:08:58 chad kernel: apm: overridden by ACPI.
May 8 03:08:58 chad kernel: APIC error on CPU0: 40(40)
May 8 03:09:29 chad last message repeated 805 times
May 8 03:10:30 chad last message repeated 1709 times
May 8 03:11:31 chad last message repeated 1745 times
May 8 03:12:32 chad last message repeated 1519 times
May 8 03:13:33 chad last message repeated 1479 times
************ [/var/log/cron.log: Crond logs (cron job)] ************
Oct 8 22:00:00 dev-db crond[18340]: (root) CMD (/bin/sh /home/root/bin/system_check &)
Oct 8 23:00:00 dev-db crond[20348]: (oracle) CMD (/bin/sh /home/oracle/bin/cleanup.sh &)
Oct 8 23:59:00 dev-db crond[20399]: (john) CMD (/bin/sh /home/john/bin/backup.sh &)
************ [/var/log/maillog: Mail server logs] ************
Aug 5 10:48:25 domU-12-31-39-0B-C4-54 sm-msp-queue[13360]: q71He1xw027248: to=postmaster, delay=3+17:03:10, xdelay=00:00:00, mailer=relay, pri=23074446, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Aug 5 10:48:25 domU-12-31-39-0B-C4-54 sm-msp-queue[13308]: q717K1wk024979: to=postmaster, delay=4+03:23:18, xdelay=00:00:00, mailer=relay, pri=25779463, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Aug 5 10:48:25 domU-12-31-39-0B-C4-54 sm-msp-queue[13360]: q71He1xx027248: to=postmaster, delay=3+17:03:10, xdelay=00:00:00, mailer=relay, pri=23075343, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
************ [/var/log/boot.log : System boot log] ************
Thu Jun 21 17:39:18 2012: [....] Setting parameters of disc: (none)^[[?25l^[[?1c^[7^[[1G[^[[32m ok ^[[39;49m^[8^[[?25h^[[?0c.
Thu Jun 21 17:39:18 2012: [....] Setting preliminary keymap...^[[?25l^[[?1c^[7^[[1G[^[[32m ok ^[[39;49m^[8^[[?25h^[[?0cdone.
Thu Jun 21 17:39:18 2012: [....] Activating swap...^[[?25l^[[?1c^[7^[[1G[^[[32m ok ^[[39;49m^[8^[[?25h^[[?0cdone.
Thu Jun 21 17:39:18 2012: [....] Checking root file system...fsck from util-linux 2.20.1
Thu Jun 21 17:39:18 2012: /dev/md0: clean, 534274/72024064 files, 63548418/288085470 blocks
Thu Jun 21 17:39:18 2012: ^[[?25l^[[?1c^[7^[[1G[^[[32m ok ^[[39;49m^[8^[[?25h^[[?0cdone.
Thu Jun 21 17:39:18 2012: [^[[36minfo^[[39;49m] Loading kernel module loop.
Thu Jun 21 17:39:18 2012: [....] Cleaning up temporary files... /tmp /lib/init/rw^[[?25l^[[?1c^[7^[[1G[^[[32m ok ^[[39;49m^[8^[[?25h^[[?0c.
Thu Jun 21 17:39:18 2012: mount: according to mtab, tmpfs is already mounted on /run/lock
Thu Jun 21 17:39:18 2012:
Thu Jun 21 17:39:18 2012: mount: according to mtab, tmpfs is already mounted on /run/shm
Thu Jun 21 17:39:18 2012:
Thu Jun 21 17:39:18 2012: [....] Generating udev events for MD arrays...^[[?25l^[[?1c^[7^[[1G[^[[32m ok ^[[39;49m^[8^[[?25h^[[?0cdone.
Thu Jun 21 17:39:18 2012: [....] Setting up LVM Volume Groups...^[[?25l^[[?1c^[7^[[1G[^[[32m ok ^[[39;49m^[8^[[?25h^[[?0cdone.
Thu Jun 21 17:39:19 2012: [....] Activating lvm and md swap...^[[?25l^[[?1c^[7^[[1G[^[[32m ok ^[[39;49m^[8^[[?25h^[[?0cdone.
Thu Jun 21 17:39:19 2012: [....] Checking file systems...fsck from util-linux 2.20.1
************ [/var/log/httpd/httpd.log: Apache access and error logs directory] ************
[Wed Mar 21 11:30:58 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Mar 21 11:30:58 2012] [warn] RSA server certificate CommonName (CN) `test8rc1.schtrumpf.com' does NOT match server name!?
[Wed Mar 21 11:30:58 2012] [notice] Digest: generating secret for digest authentication ...
[Wed Mar 21 11:30:58 2012] [notice] Digest: done
[Wed Mar 21 11:31:03 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Mar 21 11:31:03 2012] [warn] RSA server certificate CommonName (CN) `test8rc1.schtrumpf.com' does NOT match server name!?
[Wed Mar 21 11:31:04 2012] [notice] Apache configured -- resuming normal operations
[Wed Mar 21 11:32:34 2012] [error] [client 192.168.0.1] File does not exist: /home/e-smith/files/ibays/Primary/html/favicon.ico
[Wed Mar 21 11:32:34 2012] [error] [client 192.168.0.1] File does not exist: /home/e-smith/files/ibays/Primary/html/favicon.ico
[Wed Mar 21 11:32:59 2012] [notice] Graceful restart requested, doing restart
[Wed Mar 21 11:32:59 2012] [notice] Digest: generating secret for digest authentication ...
[Wed Mar 21 11:32:59 2012] [notice] Digest: done
************ [/var/log/daemon.log: Apache access and error logs directory] ************
Feb 11 06:55:51 mamma NetworkManager: <info> starting...
Feb 11 06:55:51 mamma NetworkManager: <info> Trying to start the modem-manager...
Feb 11 06:55:51 mamma NetworkManager: SCPlugin-Ifupdown: init!
Feb 11 06:55:51 mamma NetworkManager: SCPlugin-Ifupdown: update_system_hostname
Feb 11 06:55:51 mamma NetworkManager: SCPluginIfupdown: guessed connection type (eth0) = 802-3-ethernet
Feb 11 06:55:51 mamma NetworkManager: SCPlugin-Ifupdown: update_connection_setting_from_if_block: name:eth0, type:802-3-ethernet,id:Ifupdown (eth0), uuid: 681b428f-beaf-8932-dce4-687ed5bae28e
Feb 11 06:55:51 mamma NetworkManager: SCPluginIfupdown: management mode:unmanaged
Feb 11 06:55:51 mamma NetworkManager: SCPlugin-Ifupdown: devices added (path: /sys/devices/pci0000:00/0000:00:1c.1/0000:40:00.0/net/eth0, iface:eth0)
Feb 11 06:55:51 mamma NetworkManager: SCPluginIfupdown: locking wired connection setting
Feb 11 06:55:51 mamma NetworkManager: Ifupdown: get unmanaged devices count: 1
Feb 11 06:55:51 mamma NetworkManager: SCPlugin-Ifupdown: (141091568) ...get_connections.
Feb 11 06:55:51 mamma NetworkManager: SCPlugin-Ifupdown: (141091568) ...get_connections (managed=false): return empty list.
Feb 11 06:55:51 mamma NetworkManager: Ifupdown: get unmanaged devices
Explanation / Answer
print >>fileLlog, message
fileLlog.close()
# these lines are used to write the log details both to the console and to the log file
# the lines below are written in Python to create two files with the log details
4,5) This is done using Windows PowerShell
>$logevt=new-object System.Diagnostics.EventLog("Application")
# this is used to provide information about the maximum size and entries in the log, and the result is stored in the $logevt variable
>$logevt.Source="UsingPowerShell"
>$infoevent=[System.Diagnostics.EventLogEntryType]::Information
>$logevt.WriteEntry("Log file using Power Shell",$infoevent,70)
this can be changed by using the overloads of the WriteEntry function, as listed by
>($logevt.WriteEntry).OverloadDefinitions
System.Void WriteEntry(String msg)
System.Void WriteEntry(String msg, EventLogEntryType type)
System.Void WriteEntry(String msg, EventLogEntryType type, Int32 eventID)
System.Void WriteEntry(String msg, EventLogEntryType type, Int32 eventID, Int16 category)
System.Void WriteEntry(String msg, EventLogEntryType type, Int32 eventID, Int16 category, Byte[] rawData)
# script to match the provided regular expression (RegEx) against file 3; please provide the correct name of the file you have saved
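The assignment asks for a script that embeds a useful regular expression for each log, and the answer above stops short of the script that matches the regex against a file. The following is an added example written for the /var/log/auth.log excerpt in the question (it is not the answerer's code): the regex captures the timestamp, host, pid, user, source IP and port of each "Failed password" line, and the script counts failures per source IP so repeated guessing from one address stands out. The sample input is constructed from the question's lines plus one assumed "Accepted publickey" line to show that non-matching lines are ignored; the threshold of 3 is an arbitrary choice.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: the auth.log lines from the question plus one assumed
# successful login, which the pattern must NOT match.
SAMPLE_AUTH_LOG = """\
Aug 18 11:00:57 izxvps sshd[5657]: Failed password for root from 95.58.255.62 port 38980 ssh2
Aug 18 23:08:26 izxvps sshd[5768]: Failed password for root from 91.205.189.15 port 38156 ssh2
Aug 18 23:08:30 izxvps sshd[5770]: Failed password for nobody from 91.205.189.15 port 38556 ssh2
Aug 18 23:08:34 izxvps sshd[5772]: Failed password for invalid user asterisk from 91.205.189.15 port 38864 ssh2
Aug 18 23:08:38 izxvps sshd[5774]: Failed password for invalid user sjobeck from 91.205.189.15 port 39157 ssh2
Aug 18 23:08:42 izxvps sshd[5776]: Failed password for root from 91.205.189.15 port 39467 ssh2
Aug 18 23:09:01 izxvps sshd[5780]: Accepted publickey for alice from 10.0.0.5 port 50000 ssh2
"""

# Rules behind the pattern:
#  - syslog prefix "Mon DD HH:MM:SS host sshd[pid]: " (day is 1 or 2 digits)
#  - literal "Failed password for", then an optional "invalid user " marker
#  - the user name, "from", a dotted-quad IPv4 address, "port", the port
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>(?:\d{1,3}\.){3}\d{1,3}) port (?P<port>\d+) ssh2$"
)

def parse_failed(line):
    """Return the named groups of a failed-password line, or None."""
    m = FAILED_RE.match(line)
    return m.groupdict() if m else None

def summarize(text, threshold=3):
    """Count failures per source IP; flag IPs at or above threshold."""
    per_ip = Counter()
    users = defaultdict(set)
    for line in text.splitlines():
        rec = parse_failed(line)
        if rec is None:
            continue          # not a failed-password line (e.g. accepted login)
        per_ip[rec["ip"]] += 1
        users[rec["ip"]].add(rec["user"])
    flagged = {ip: n for ip, n in per_ip.items() if n >= threshold}
    return per_ip, users, flagged

if __name__ == "__main__":
    per_ip, users, flagged = summarize(SAMPLE_AUTH_LOG)
    for ip, n in per_ip.most_common():
        print("%-15s %3d failures, users: %s" % (ip, n, ", ".join(sorted(users[ip]))))
    print("flagged:", sorted(flagged))
```

To run it against the real file, replace SAMPLE_AUTH_LOG with the contents of /var/log/auth.log; the same regex works line by line on a live tail of the file.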