Can you find evidence of that in the log entries shown above? If so, in what lines? Explain.
Operating system log file example
a. Stored under /var/log, the messages file records various system events. The connection of a new USB drive, a network card becoming available, and too many failed root login attempts are a few examples of events logged to the /var/log/messages file. Use the more command to display the contents of the /var/log/messages file. Unlike the cat command, more lets you page through the file at your own pace. Press ENTER to advance line by line or SPACE to advance an entire page. Press q or CTRL + C to abort and exit more. Your entries will be different from the output shown below.
[analyst@secOps ~]$ sudo more /var/log/messages
[sudo] password for analyst:
Mar 20 08:34:38 secOps kernel: [ 6.149910] random: crng init done
Mar 20 08:34:40 secOps kernel: [ 8.280667] floppy0: no floppy controllers found
Mar 20 08:34:40 secOps kernel: [ 8.280724] work still pending
Mar 20 08:35:16 secOps kernel: [ 44.414695] hrtimer: interrupt took 5346452 ns
Mar 20 14:28:29 secOps kernel: [21239.566409] pcnet32 0000:00:03.0 enp0s3: link down
Mar 20 14:28:33 secOps kernel: [21243.404646] pcnet32 0000:00:03.0 enp0s3: link up, 100Mbps, full-duplex
Mar 20 14:28:35 secOps kernel: [21245.536961] pcnet32 0000:00:03.0 enp0s3: link down
Mar 20 14:28:43 secOps kernel: [21253.427459] pcnet32 0000:00:03.0 enp0s3: link up, 100Mbps, full-duplex
Mar 20 14:28:53 secOps kernel: [21263.449480] pcnet32 0000:00:03.0 enp0s3: link down
Mar 20 14:28:57 secOps kernel: [21267.500152] pcnet32 0000:00:03.0 enp0s3: link up, 100Mbps, full-duplex
Mar 20 14:29:01 secOps kernel: [21271.551499] pcnet32 0000:00:03.0 enp0s3: link down
Mar 20 14:29:05 secOps kernel: [21275.389707] pcnet32 0000:00:03.0 enp0s3: link up, 100Mbps, full-duplex
Mar 22 06:01:40 secOps kernel: [ 0.000000] Linux version 4.8.12-2-ARCH (builduser@andyrtr) (gcc version 6.2.1 20160830 (GCC) ) #1 SMP PREEMPT Fri Dec 2 20:41:47 CET 2016
Mar 22 06:01:40 secOps kernel: [ 0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
Mar 22 06:01:40 secOps kernel: [ 0.000000] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
Mar 22 06:01:40 secOps kernel: [ 0.000000] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
Mar 22 06:01:40 secOps kernel: [ 0.000000] x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256
Mar 22 06:01:40 secOps kernel: [ 0.000000] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'standard' format.
Mar 22 06:01:40 secOps kernel: [ 0.000000] x86/fpu: Using 'eager' FPU context switches.
Notice that the events listed above are very different from the web server events. Because the operating system itself is generating this log, all recorded events are in relation to the OS itself.
b. If necessary, enter Ctrl + C to exit the previous command.
c. Log files are very important for troubleshooting. Assume that a user of that specific system reported that all network operations were slow around 2:30pm.
On Wednesday, March 20, 14:28:33 through 14:29:05 (lines 5 – 12) the network card was flapping (switching from up to down quickly). The log entries clearly confirm the user report.
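As an added example (not part of the lab), the following Python script parses the kernel link up/down entries from the excerpt above and flags the flapping automatically instead of by eye; the threshold of four transitions inside a 60-second window is an assumption chosen for illustration, and the sample lines are copied from the log shown above.

```python
import re
from collections import deque
from datetime import datetime
# Entries copied from the excerpt above; the first, unrelated kernel line shows the parser ignoring noise.
SAMPLE_LOG = """\
Mar 20 08:34:38 secOps kernel: [ 6.149910] random: crng init done
Mar 20 14:28:29 secOps kernel: [21239.566409] pcnet32 0000:00:03.0 enp0s3: link down
Mar 20 14:28:33 secOps kernel: [21243.404646] pcnet32 0000:00:03.0 enp0s3: link up, 100Mbps, full-duplex
Mar 20 14:28:35 secOps kernel: [21245.536961] pcnet32 0000:00:03.0 enp0s3: link down
Mar 20 14:28:43 secOps kernel: [21253.427459] pcnet32 0000:00:03.0 enp0s3: link up, 100Mbps, full-duplex
Mar 20 14:28:53 secOps kernel: [21263.449480] pcnet32 0000:00:03.0 enp0s3: link down
Mar 20 14:28:57 secOps kernel: [21267.500152] pcnet32 0000:00:03.0 enp0s3: link up, 100Mbps, full-duplex
Mar 20 14:29:01 secOps kernel: [21271.551499] pcnet32 0000:00:03.0 enp0s3: link down
Mar 20 14:29:05 secOps kernel: [21275.389707] pcnet32 0000:00:03.0 enp0s3: link up, 100Mbps, full-duplex
"""
# syslog timestamp, host, kernel tag and [uptime], driver, PCI address, iface, state
LINK_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: "
                     r"\[\s*[\d.]+\] \S+ \S+ (?P<iface>\S+): link (?P<state>up|down)\b")

def parse_link_events(text):
    """Return [(timestamp, iface, state)] for every kernel link up/down line."""
    events = []
    for line in text.splitlines():
        m = LINK_RE.match(line)
        if m:  # syslog stamps carry no year; strptime fills in 1900, fine for intervals
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
            events.append((ts, m["iface"], m["state"]))
    return events

def find_flapping(events, min_transitions=4, window_seconds=60):
    """Return {iface: (start, end, count)} for interfaces whose link changed state
    at least min_transitions times inside some window_seconds-long span."""
    per_iface = {}
    for ts, iface, _state in events:
        per_iface.setdefault(iface, []).append(ts)
    flapping = {}
    for iface, stamps in per_iface.items():
        recent = deque()  # transitions no older than window_seconds
        for ts in sorted(stamps):
            recent.append(ts)
            while (ts - recent[0]).total_seconds() > window_seconds:
                recent.popleft()
            if len(recent) >= min_transitions:  # window is full: the link is flapping
                start = flapping.get(iface, (recent[0],))[0]
                flapping[iface] = (start, ts)
        if iface in flapping:  # count every transition between the first and last hit
            start, end = flapping[iface]
            flapping[iface] = (start, end, sum(start <= s <= end for s in stamps))
    return flapping
```

Run against the sample, it reports enp0s3 flapping from 14:28:29 to 14:29:05 with 8 transitions, the same span the answer above identifies.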