Overview
Learning Outcomes:
In this module, you will complete the following exercises:
- Exercise 1 – Configuring System Logging
- Exercise 2 – Using Tcpdump and Logging
- Exercise 3 – Capturing Packets with Wireshark
- Exercise 4 – Work with Logs in Windows
After completing this module, you should be able to:
- View the Syslog Daemon Configuration
- View the Configuration of Logrotate
- Check Boot Events in the Log Files
- Use Tcpdump
- Know the Key Locations for Logging
- Capture Traffic Information
- Analyze Captured Information
- Display Capture Information with Wireshark
- View Packet Capture Logs
- Access the Event Viewer Logs
- Enable Windows Defender Firewall Logs
After completing this module, you should have further knowledge of:
- NXLog
- Syslog-ng
- Log Retention
- Bandwidth Monitors
- NetFlow Protocol
- Metadata Properties
- Security Information and Event Management (SIEM)
- Log Aggregation
- Event Trends
- Alerts
- Event Correlation
Exam Objectives:
The following exam objectives are covered in this lab:
4.3 Given an incident, utilize appropriate data sources to support an investigation.
- Vulnerability Scan Output
- SIEM Dashboards
- Log Files
- Syslog/Rsyslog/Syslog-ng
- Journalctl
- NXLog
- Retention
- Bandwidth Monitors
- Metadata
- NetFlow/sFlow
- Protocol Analyzer Output
Note: Our main focus is to cover the practical, hands-on aspects of the exam objectives. We recommend referring to course material or a search engine to research theoretical topics in more detail.