- Learning Network Forensics
- Samir Datt
- 376字
- 2021-07-16 12:58:53
Collecting network logs
All machines on your network are not likely to be Linux; therefore, to keep a balance of things, we will use Windows as an example for this exercise.
To start Event Viewer, click on the start button and write Event Viewer, as shown in the following screenshot:
The Event Viewer will open up as shown in the following screenshot:
Event Viewer stores consists of the following components:
- Custom Views
- Windows Logs
- Applications and Services Logs
The different views stores are as follows:
- Custom Views:
- Administrative Events: This contains the Critical, Error, and Warning events from all administrative logs, as shown in the following screenshot:
- Location Activity: As the name suggests, this contains the location activity, as shown in the following screenshot:
- Administrative Events: This contains the Critical, Error, and Warning events from all administrative logs, as shown in the following screenshot:
- Windows Logs: Windows log stores events from legacy applications and events that apply to the entire system:
- Application: The Application log stores events logged by the applications or programs. For example, a database progmemory might record a file error in the application log. The developers of the progmemory module decide which events to log, as shown in the following screenshot:
- Security: The Security log stores events such as valid and invalid log on attempts as well as events related to resource use, such as creating, opening, or deleting files or other objects. Administrators can specify which events are recorded in the security log. For example, if you have enabled logon auditing, attempts to log on to the system are recorded in the security log, as shown in the following screenshot:
- Setup: The Setup log stores events related to application set up, as shown in the following screenshot:
- System: The System log stores events logged by the Windows system components. For example, the failure of a driver or other system component to load during startup is recorded in the System log. The event types logged by system components are predetermined by Windows, as shown in the following screenshot:
- Forwarded Events: The Forwarded Events logs store events collected from remote computers, as shown in the following screenshot:
- Application: The Application log stores events logged by the applications or programs. For example, a database progmemory might record a file error in the application log. The developers of the progmemory module decide which events to log, as shown in the following screenshot:
- Application and Services Logs: These logs store events from a single application or component rather than events that might have system-wide impact:
- Broadband Wireless LAN:
- Hardware Events:
- Internet Explorer:
- Key Management Services:
- Media Center:
- Windows event logs:
- Broadband Wireless LAN:
推薦閱讀
- Monkey Game Development:Beginner's Guide
- 騰訊iOS測試實踐
- Learning Docker
- Python高級編程
- PHP 編程從入門到實踐
- Apache Mahout Clustering Designs
- QGIS By Example
- Mastering Unity 2D Game Development(Second Edition)
- 持續輕量級Java EE開發:編寫可測試的代碼
- Spring Boot+Vue全棧開發實戰
- 移動增值應用開發技術導論
- 創意UI:Photoshop玩轉APP設計
- Python趣味編程與精彩實例
- HTML5移動Web開發
- Spring Boot從入門到實戰