Logs
Looking at logs takes time but can lead to valuable information.
Windows
Windows Event Logs - Wikipedia
Windows logs a lot of information. It can be read using mmc.exe (Event Viewer), under "Windows Logs". The categories are:

| Category | Description |
| --- | --- |
| Application | Programs (started, stopped, …) |
| Security | Security events (login, logout, …) |
| System | Changes to the system (boot, shutdown, peripherals, …) |
| Setup | System maintenance (update logs, …) |
Linux
Linux logs - Wikipedia
Linux logs are stored in /var/log/. The most important ones are:

| File | Description |
| --- | --- |
| auth.log or secure | Authentication events (login, logout, …) |
| syslog or messages | General messages (system wide) |
| dpkg.log | Package management |
| kern.log | Kernel messages |
| btmp | Failed login attempts |
| wtmp | Login/logout history |
| lastlog | Last login for each user |

btmp, wtmp and lastlog can be read using last <file>.
Other applications can have their own logs in /var/log/.
Apache
Apache logs - Website
Apache logs are often stored in /var/log/apache2/. The most important ones are:

| File | Description |
| --- | --- |
| access.log | HTTP requests |
| error.log | HTTP errors |
| other_vhosts_access.log | HTTP requests from other virtual hosts |

access.log can be read using tail -f <file> or with grep to filter the logs. It can also be imported into a pandas dataframe using this snippet:
```python
import pandas as pd

filename = 'access.log'  # path to the Apache access log (assumed here)

# Read access.log file. The separator regex splits on whitespace that is
# outside double quotes and outside square brackets, so the quoted request,
# referer and user-agent fields and the bracketed timestamp stay intact.
df = pd.read_csv(
    filename,
    sep=r'\s(?=(?:[^"]*"[^"]*")*[^"]*$)(?![^\[]*\])',
    engine='python',
    usecols=[0, 3, 4, 5, 6, 7, 8],  # skip the ident and authuser columns
    names=['ip', 'datetime', 'request', 'status', 'size', 'referer', 'user_agent'],
    na_values='-',
    header=None,
)

# Extract the date from the datetime column, e.g. "[10/Oct/2023:13:55:36 +0000]" -> "10/Oct/2023"
df['date'] = df['datetime'].str.extract(r'\[(.*?):', expand=True)

# Extract the time from the datetime column, e.g. "13:55:36"
df['time'] = df['datetime'].str.extract(r':(.*?)\s', expand=True)
```
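The same combined-format parsing without pandas, as an added example that is not part of the original page: a regex that keeps the quoted and bracketed fields intact, the date/time split described above, and a per-client count of 4xx responses, which is a common first triage question when reading access.log. The log lines are constructed samples, not real server output.

```python
import re
from collections import Counter

# Constructed sample lines in the Apache "combined" log format (not from a real server).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /admin HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.7 - alice [10/Oct/2023:13:56:01 +0000] "POST /login HTTP/1.1" 302 0 "http://example.test/" "curl/8.0"
203.0.113.5 - - [10/Oct/2023:13:56:03 +0000] "GET /wp-login.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
"""

# One regex for the combined format. The quoted fields can contain spaces,
# which is why a plain whitespace split is not enough; the timestamp is split
# into date, time and timezone at the same time.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<date>[^:]+):(?P<time>[^ ]+) (?P<tz>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)"$'
)


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec['status'] = int(rec['status'])
    rec['size'] = 0 if rec['size'] == '-' else int(rec['size'])  # "-" means no body sent
    for key in ('ident', 'user', 'referer'):
        if rec[key] == '-':  # "-" marks an absent value, same as na_values='-' above
            rec[key] = None
    return rec


def parse_log(text):
    """Parse every line of a log file's text, skipping lines that do not match."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def client_errors_by_ip(records):
    """Count 4xx responses per client IP; many 404s from one host is worth a look."""
    return Counter(r['ip'] for r in records if 400 <= r['status'] < 500)


if __name__ == '__main__':
    recs = parse_log(SAMPLE_LOG)
    print(client_errors_by_ip(recs).most_common())
```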