Practical Lab – Simulate & Analyze System Logs Across Operating Systems

Objectives: 

  • Generate basic system events like logins, command usage, and failed attempts.
  • Locate, read, and interpret relevant system logs. 
  • Understand what typical vs. suspicious activity looks like. 

Lab 1: Windows Logging with Event Viewer 

Tasks: 

  1. Trigger Events: 
  • Log out and log back in to the system. 
  • Enter the wrong password 3 times on the login screen. 
  • Open Command Prompt as administrator and run: 
    • whoami /priv 
  2. Open Event Viewer: 
  • Start > Run > eventvwr.msc 
  • Navigate to: 
    • Windows Logs > Security 
  3. Analyze Logs: 
  • Filter the log: 
    • Filter Current Log > Event IDs: 4624, 4625, 4672 
    • 4624: Successful login 
    • 4625: Failed login 
    • 4672: Special privileges assigned to new logon 
  4. Questions: 
  • Who logged in and when? 
  • Was there a failed login? 
  • Which user ran privileged commands? 

Submission: 

  • Screenshot of filtered Event Viewer logs.
  • Answer to questions above. 

Lab 2: Kali Linux Log Analysis 

Tasks: 

  1. Trigger Events: 
  • Open a terminal and run: 
    • whoami 
    • sudo ls /root 
  • Enter a wrong sudo password once. 
  • Switch user: 
    • su - # then exit 
  2. View Logs: 
  • sudo cat /var/log/auth.log | tail -n 50 
  • sudo grep "sudo" /var/log/auth.log 
  • sudo grep "authentication failure" /var/log/auth.log 
  3. Analyze: 
  • Look for: 
    • Sudo command usage. 
    • Failed password attempts. 
    • Login attempts by su or SSH (if used). 
  4. Questions: 
  • What command did the user try to run as root? 
  • Was sudo successful or failed? 
  • Any suspicious access? 

Submission: 

  • Screenshot or log output. 
  • Answers to the above questions.
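The following is an added example, not part of the lab material: a small Python script that reads auth.log lines in the Debian/Kali syslog format used above and answers the Lab 2 questions automatically (which command was run as root, whether sudo succeeded, and what looks suspicious). The log lines are constructed to mirror the events the lab triggers, plus a few repeated SSH failures, and the hostname, username and IP address are assumptions.

```python
import re
from collections import Counter

# Constructed sample of /var/log/auth.log lines (not captured from a real host).
# It mirrors Lab 2: a failed sudo, a successful sudo, an su to root, and SSH failures.
SAMPLE_AUTH_LOG = """\
Jun 12 10:15:01 kali sudo: pam_unix(sudo:auth): authentication failure; logname=student uid=1000 euid=0 tty=/dev/pts/0 ruser=student rhost=  user=student
Jun 12 10:15:01 kali sudo:     student : 1 incorrect password attempt ; TTY=pts/0 ; PWD=/home/student ; USER=root ; COMMAND=/usr/bin/ls /root
Jun 12 10:15:09 kali sudo:     student : TTY=pts/0 ; PWD=/home/student ; USER=root ; COMMAND=/usr/bin/ls /root
Jun 12 10:16:30 kali su: (to root) student on pts/0
Jun 12 10:16:30 kali su: pam_unix(su:session): session opened for user root(uid=0) by student(uid=1000)
Jun 12 10:20:44 kali sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Jun 12 10:20:47 kali sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Jun 12 10:20:50 kali sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
"""

# sudo writes one summary line per attempt; a failed attempt carries "N incorrect password attempt(s)".
SUDO_CMD = re.compile(r"sudo:\s+(?P<user>\S+) : (?:(?P<bad>\d+) incorrect password attempts? ; )?"
                      r"TTY=\S+ ; PWD=\S+ ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")
SU_LINE = re.compile(r"su: \(to (?P<target>\S+)\) (?P<user>\S+) on \S+")
SSH_FAIL = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")

def parse_auth_log(text):
    """Turn raw auth.log lines into event dicts for the three patterns Lab 2 looks for."""
    events = []
    for line in text.splitlines():
        if m := SUDO_CMD.search(line):
            events.append({"kind": "sudo", "user": m["user"], "target": m["target"],
                           "command": m["cmd"], "ok": m["bad"] is None})
        elif m := SU_LINE.search(line):
            events.append({"kind": "su", "user": m["user"], "target": m["target"]})
        elif m := SSH_FAIL.search(line):
            events.append({"kind": "ssh_fail", "user": m["user"], "ip": m["ip"]})
    return events

def find_suspicious(events, ssh_threshold=3):
    """Flag what an analyst would question: failed sudo, su to root, repeated SSH failures."""
    findings = []
    for e in events:
        if e["kind"] == "sudo" and not e["ok"]:
            findings.append(f"failed sudo by {e['user']}: {e['command']}")
        if e["kind"] == "su" and e["target"] == "root":
            findings.append(f"su to root by {e['user']}")
    per_ip = Counter(e["ip"] for e in events if e["kind"] == "ssh_fail")
    for ip, n in per_ip.items():
        if n >= ssh_threshold:  # the same source failing repeatedly is worth a closer look
            findings.append(f"{n} failed SSH logins from {ip}")
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(parse_auth_log(SAMPLE_AUTH_LOG)):
        print(finding)
```

On a real host, replace SAMPLE_AUTH_LOG with the contents of /var/log/auth.log (read with sudo) and compare the output against your grep results from step 2.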

Lab 3: macOS Log Inspection 

Tasks: 

  1. Trigger Events: 
  • Log out and back in. 
  • Try using sudo in Terminal with a wrong password. 
  • Install a small app (e.g., from the App Store). 
  2. Use Console.app: 
  • Open Console from Applications > Utilities
  • In the search bar, type: 
    • login or sudo or fail 
  3. Or use Terminal: 
  • log show --predicate 'eventMessage contains "login"' --info --last 1h
  • log show --predicate 'eventMessage contains "sudo"' --info --last 1h 
  4. Analyze: 
  • Was sudo used properly? 
  • Any failed login/sudo attempts? 
  • Did the system log app installation? 

Submission: 

  • Console or terminal screenshot. 
  • Short summary of what was found. 

Wrap-Up Questions (All Platforms) 

  • How easy was it to find important log events? 
  • What kind of suspicious behavior can you now detect?
  • How would a system admin use this in real life?
