- Learning Network Forensics
- Samir Datt
- 376 words
- 2021-07-16 12:58:53
Collecting network logs
Not all machines on your network are likely to be Linux; therefore, to keep a balance, we will use Windows as the example for this exercise.
To start Event Viewer, click on the Start button and type Event Viewer, as shown in the following screenshot:
The Event Viewer will open up as shown in the following screenshot:
The Event Viewer console tree consists of the following components:
- Custom Views
- Windows Logs
- Applications and Services Logs
The different stores are as follows:
- Custom Views:
- Administrative Events: This contains the Critical, Error, and Warning events from all administrative logs, as shown in the following screenshot:
- Location Activity: As the name suggests, this contains the location activity, as shown in the following screenshot:
- Windows Logs: This group stores events from legacy applications and events that apply to the entire system:
- Application: The Application log stores events logged by applications or programs. For example, a database program might record a file error in the Application log. The developers of the program decide which events to log, as shown in the following screenshot:
- Security: The Security log stores events such as valid and invalid logon attempts, as well as events related to resource use, such as creating, opening, or deleting files or other objects. Administrators specify which events are recorded in the Security log through the system's audit policy; nothing is written for a category that is not being audited. For example, if logon auditing is enabled, attempts to log on to the system are recorded in the Security log, as shown in the following screenshot. Note that reading the Security log requires administrative rights:
- Setup: The Setup log stores events related to application setup, as shown in the following screenshot:
- System: The System log stores events logged by the Windows system components. For example, the failure of a driver or other system component to load during startup is recorded in the System log. The event types logged by system components are predetermined by Windows, as shown in the following screenshot:
- Forwarded Events: The Forwarded Events log stores events collected from remote computers through event subscriptions, as shown in the following screenshot:
- Applications and Services Logs: These logs store events from a single application or component rather than events that might have system-wide impact. The folders present depend on the Windows edition and installed software; typical examples are:
- Broadband Wireless LAN
- Hardware Events
- Internet Explorer
- Key Management Services
- Media Center
- Windows event logs
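The Event Viewer GUI is fine for browsing, but when collecting logs for a network forensics case you want the channels above pulled out reproducibly and in bulk. The following PowerShell script is an added example written for this page; it is not code from the book. It assumes an elevated PowerShell 5.1 or later session on the host being examined (the Security log cannot be read otherwise), and the collection folder C:\Evidence\EventLogs is a hypothetical path chosen for the example. Event IDs 4624 (successful logon) and 4625 (failed logon) are the standard Windows Security log identifiers for logon auditing. The script inventories the five Windows Logs channels, extracts remote logon activity from the Security log, and preserves each channel as a native .evtx file with a SHA-256 hash for chain of custody.

```powershell
# Added example (not from the book): collect Windows event logs for network forensics.
# Assumptions: elevated PowerShell 5.1+ session on the target host; $OutDir is a
# hypothetical collection folder chosen for this example.
$OutDir = 'C:\Evidence\EventLogs'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Inventory the Windows Logs channels described above. A disabled channel or a
#    suspiciously low record count (log cleared?) is itself a finding.
$channels = 'Application', 'Security', 'Setup', 'System', 'ForwardedEvents'
Get-WinEvent -ListLog $channels -ErrorAction SilentlyContinue |
    Select-Object LogName, IsEnabled, RecordCount, FileSize, LogMode |
    Format-Table -AutoSize

# 2. Pull logon events from the Security log for the last 24 hours.
#    4624 = successful logon, 4625 = failed logon (standard Windows event IDs).
#    FilterHashtable is evaluated by the Event Log service, which is much faster
#    than piping every record through Where-Object.
$since  = (Get-Date).AddDays(-1)
$logons = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4624, 4625
    StartTime = $since
} -ErrorAction SilentlyContinue

# The interesting fields live in each event's XML <EventData>; map them to
# named columns so source address and logon type can be pivoted on.
$parsed = foreach ($e in $logons) {
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time        = $e.TimeCreated
        EventId     = $e.Id
        Account     = "$($data.TargetDomainName)\$($data.TargetUserName)"
        LogonType   = $data.LogonType      # 3 = network, 10 = RemoteInteractive (RDP)
        SourceIP    = $data.IpAddress
        Workstation = $data.WorkstationName
        Status      = $data.Status         # failure code, populated only on 4625
    }
}

# Failed logons grouped by remote address: a quick view of brute force or
# password spraying. Local/loopback sources are excluded.
$parsed |
    Where-Object { $_.EventId -eq 4625 -and $_.SourceIP -notin '-', '::1', '127.0.0.1' } |
    Group-Object SourceIP | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

$parsed | Export-Csv -Path (Join-Path $OutDir 'security_logons.csv') -NoTypeInformation

# 3. Preserve the raw channels as .evtx (the native format keeps every record's
#    original metadata) and record SHA-256 hashes for chain of custody.
foreach ($c in $channels) {
    $dest = Join-Path $OutDir "$c.evtx"
    wevtutil epl $c $dest
    if (Test-Path $dest) {
        $h = Get-FileHash -Path $dest -Algorithm SHA256
        "$($h.Hash)  $c.evtx" | Add-Content -Path (Join-Path $OutDir 'SHA256SUMS.txt')
    }
}
```

Run the script as early as possible in an investigation: the Security log on a busy server can wrap within hours, and a `LogMode` of `Circular` in the inventory table tells you how quickly older records are being overwritten. The CSV gives you something to correlate against firewall or proxy logs by `SourceIP` and `Time`, while the hashed .evtx files are what you keep as evidence.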