Log Analysis of Linux Systems with Grep and Gawk
CompTIA Security+ (SY601) Domains:
Domain 3.0: Implementation
CompTIA Security+ (SY601) Objectives:
Objective 3.3: Given a scenario, implement secure network designs
CompTIA Linux+ Domain:
Domain 2.0: Systems Operations and Maintenance
CompTIA Linux+ Objective:
Objective 2.3: Given a scenario, create, modify, and redirect files
Overview
In this lab, you will practice network log analysis with several tools: you will use grep to analyze nmap results, and grep and gawk to analyze system logs, including FTP logs.
Outcomes:
In this lab, you will learn to:
- Analyze nmap results using grep.
- Analyze logs using grep.
- Analyze logs using gawk.
- Analyze FTP logs.
Key terms and descriptions
nmap
Nmap is a free and open-source network scanner created by Gordon Lyon. Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection.
grep
grep is a command-line utility for searching plain-text data sets for lines that match a regular expression. Its name comes from the ed command g/re/p, which has the same effect: doing a global search with the regular expression and printing all matching lines. grep was originally developed for the Unix operating system but was later made available for all Unix-like systems and some others, such as OS-9.
gawk
The gawk utility interprets a special-purpose programming language that makes it possible to handle simple data-reformatting jobs with just a few lines of code.
FTP
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
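As an added example (not part of the lab material), the following script shows the kind of grep and gawk pipeline the lab describes, run over constructed vsftpd-style FTP log lines and constructed nmap grepable (-oG) output. The function names, sample lines and IP addresses are assumptions; the addresses come from documentation ranges.

```shell
#!/bin/sh
# Added example, not from the lab. gawk is GNU awk; fall back to the system awk
# when gawk is not installed so the functions still run.
AWK=$(command -v gawk || command -v awk)

# Constructed vsftpd-style log lines (documentation IP ranges, not real hosts).
FTP_LOG='Tue Mar 12 10:01:02 2024 [pid 2101] CONNECT: Client "203.0.113.5"
Tue Mar 12 10:01:03 2024 [pid 2101] [alice] FAIL LOGIN: Client "203.0.113.5"
Tue Mar 12 10:01:04 2024 [pid 2101] [alice] FAIL LOGIN: Client "203.0.113.5"
Tue Mar 12 10:01:05 2024 [pid 2101] [alice] OK LOGIN: Client "203.0.113.5"
Tue Mar 12 10:02:11 2024 [pid 2107] [root] FAIL LOGIN: Client "198.51.100.9"
Tue Mar 12 10:02:12 2024 [pid 2107] [admin] FAIL LOGIN: Client "198.51.100.9"
Tue Mar 12 10:02:13 2024 [pid 2107] [test] FAIL LOGIN: Client "198.51.100.9"
Tue Mar 12 10:03:40 2024 [pid 2110] [bob] OK LOGIN: Client "192.0.2.44"'

# Constructed nmap grepable (-oG) output for two hosts.
NMAP_LOG='# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 ()  Ports: 21/open/tcp//ftp///, 22/open/tcp//ssh///, 80/closed/tcp//http///  Ignored State: closed (997)
Host: 192.0.2.11 ()  Ports: 21/filtered/tcp//ftp///, 443/open/tcp//https///
# Nmap done (constructed sample)'

# Failed FTP logins per client: grep narrows to FAIL LOGIN lines, gawk strips the
# quotes from the last field (the client address) and tallies it.
# Prints "<count> <ip>" lines, highest count first.
ftp_failed_logins() {
    printf '%s\n' "$1" | grep 'FAIL LOGIN' |
      "$AWK" '{ gsub(/"/, "", $NF); n[$NF]++ }
              END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Open ports from grepable nmap output: grep keeps "Host:" lines, gawk drops the
# trailing "Ignored State" note, isolates the port list, splits it on ", " and
# prints "<host> <port>/<proto> <service>" for every entry whose state is open.
nmap_open_ports() {
    printf '%s\n' "$1" | grep '^Host:' |
      "$AWK" '{
          host = $2
          sub(/[ \t]+Ignored State:.*/, "")
          sub(/.*Ports: /, "")
          n = split($0, p, ", ")
          for (i = 1; i <= n; i++) {
              split(p[i], f, "/")   # port/state/proto/owner/service/...
              if (f[2] == "open") print host, f[1] "/" f[3], f[5]
          }
      }'
}

ftp_failed_logins "$FTP_LOG"
nmap_open_ports "$NMAP_LOG"
```

Swap the two constructed variables for `$(cat /var/log/vsftpd.log)` and a real `nmap -oG -` capture to run the same pipeline on live data.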