Lesson 33: Audit Log

_Terminal Lab

Scanning

> SYSTEM_AUDIT_LOG

Module 03: Cognitive Scanning & Security

Lesson Goal: Learn how to read raw computer data to find errors, track user activity, and identify security threats.

Reading the Matrix

Computers record everything that happens in hidden files called System Logs. If a website crashes or a hacker tries to steal a password, the logs will show exactly when and how it happened.

Log files look messy, but they follow a strict pattern. To read them, you must use scanning. You don't read logs like a normal sentence. Instead, your eyes should jump to the timestamps, the User IDs, and the Status codes (like SUCCESS or FAIL).

Go to the next tab to learn the security vocabulary, then practice scanning real server logs in the Practice tab!

Log Data ⏱️

ទិន្នន័យនៃប្រព័ន្ធ

Timestamp /ˈtaɪm.stæmp/ កាលបរិច្ឆេទនិងម៉ោង

Attempt /əˈtempt/ ការប៉ុនប៉ង (សាកល្បង)

Permissions 🔒

សិទ្ធិអនុញ្ញាត

Authorized /ˈɔː.θə.raɪzd/ ដែលបានអនុញ្ញាត

Denied /dɪˈnaɪd/ ត្រូវបានបដិសេធ

Threats ⚠️

ការគំរាមកំហែង

Malicious /məˈlɪʃ.əs/ ដែលមានបំណងអាក្រក់

Administrator /ədˈmɪn.ə.streɪ.t̬ɚ/ អ្នកគ្រប់គ្រងប្រព័ន្ធ

Click the tabs in the terminal window below to investigate the server logs.

server_logs_v2.4.log

access.log

file_system.log

error_report.log

01 10-12 08:30:05 [INFO] User:admin_01 Action:LOGIN Status:SUCCESS IP:192.168.1.1 02 10-12 08:32:10 [INFO] User:manager_sarah Action:LOGIN Status:SUCCESS IP:192.168.1.5 03 10-12 09:15:22 [WARN] User:guest_04 Action:LOGIN_ATTEMPT Status:FAIL (Wrong Password) 04 10-12 09:15:25 [WARN] User:guest_04 Action:LOGIN_ATTEMPT Status:FAIL (Wrong Password) 05 10-12 09:15:30 [CRIT] User:guest_04 Action:LOGIN_RETRY_LIMIT Status:LOCKED_OUT 06 10-12 10:00:00 [INFO] User:auto_bot Action:SYSTEM_PING Status:ACTIVE

01 10-12 08:45:00 [INFO] User:admin_01 Opened File:/payroll/october.xlsx 02 10-12 08:50:12 [INFO] User:manager_sarah Created File:/reports/weekly.doc 03 10-12 11:20:05 [CRIT] User:intern_dave Attempted Delete:/system32/config.sys 04 10-12 11:20:06 [CRIT] Action Status: ACCESS_DENIED 05 10-12 11:22:00 [WARN] System Alert: Sensitive file modification blocked for User:intern_dave

01 10-12 02:00:00 [INFO] Scheduled Backup: Started 02 10-12 02:05:00 [FAIL] Backup Failed: Disk_Full_Error 03 10-12 08:00:00 [WARN] Server Temp: High (75°C) 04 10-12 08:05:00 [OKAY] Server Cooling Fans: Max Speed. Temp Stabilized.

📝 Investigation Report

1. Open [access.log]. What happened to the user "guest_04"?

2. Open [file_system.log]. Who tried to delete a system file?

3. Open [error_report.log]. Why did the backup fail at 02:05?

Real World Tasks

Practice your technical scanning skills!

1. Check your own logs ពិនិត្យមើល "Screen Time" ឬ "Digital Wellbeing" នៅក្នុងទូរស័ព្ទរបស់អ្នក។ តើកម្មវិធីអ្វីដែលអ្នកបានចំណាយពេលប្រើប្រាស់ច្រើនជាងគេនៅថ្ងៃនេះ?

2. Vocab Practice សរសេរប្រយោគភាសាអង់គ្លេសពីរ ដោយប្រើពាក្យ "Denied" និង "Attempt" ។

Excellent! You completed the Audit mission.

Report Copied! Paste it in your class group.