Lesson 33: Audit Log

SYSTEM AUDIT LOG

> MODULE 03: COGNITIVE SCANNING & SECURITY

Terminal Vocabulary

Timestamp

/ˈtaɪm.stæmp/ កាលបរិច្ឆេទនិងម៉ោង

The exact date and time an event was recorded.

Authorized

/ˈɔː.θə.raɪzd/ ដែលបានអនុញ្ញាត

Having official permission to do something.

Denied

/dɪˈnaɪd/ ត្រូវបានបដិសេធ

Refused request; not allowed.

Attempt

/əˈtempt/ ការប៉ុនប៉ង

An act of trying to do something.

Malicious

/məˈlɪʃ.əs/ ដែលមានបំណងអាក្រក់

Intending to do harm (like a virus or hacker).

Administrator

/ədˈmɪn.ə.streɪ.t̬ɚ/ អ្នកគ្រប់គ្រងប្រព័ន្ធ

A user with full power to change the system.

Security Logs

server_logs_v2.4.log

access.log

file_system.log

error_report.log

01 10-12 08:30:05 [INFO] User:admin_01 Action:LOGIN Status:SUCCESS IP:192.168.1.1 02 10-12 08:32:10 [INFO] User:manager_sarah Action:LOGIN Status:SUCCESS IP:192.168.1.5 03 10-12 09:15:22 [WARN] User:guest_04 Action:LOGIN_ATTEMPT Status:FAIL (Wrong Password) 04 10-12 09:15:25 [WARN] User:guest_04 Action:LOGIN_ATTEMPT Status:FAIL (Wrong Password) 05 10-12 09:15:30 [CRIT] User:guest_04 Action:LOGIN_RETRY_LIMIT Status:LOCKED_OUT 06 10-12 10:00:00 [INFO] User:auto_bot Action:SYSTEM_PING Status:ACTIVE

01 10-12 08:45:00 [INFO] User:admin_01 Opened File:/payroll/october.xlsx 02 10-12 08:50:12 [INFO] User:manager_sarah Created File:/reports/weekly.doc 03 10-12 11:20:05 [CRIT] User:intern_dave Attempted Delete:/system32/config.sys Result:ACCESS_DENIED 04 10-12 11:22:00 [WARN] System Alert: Sensitive file modification blocked for User:intern_dave

01 10-12 02:00:00 [INFO] Scheduled Backup: Started 02 10-12 02:05:00 [FAIL] Backup Failed: Disk_Full_Error 03 10-12 08:00:00 [WARN] Server Temp: High (75°C) 04 10-12 08:05:00 [OKAY] Server Cooling Fans: Max Speed. Temp Stabilized.

💡 Tip: Click the tabs above (access.log / file_system.log) to see different data.

Investigation Report

1. [access.log] What happened to the user "guest_04"?

2. [file_system.log] Who tried to delete a system file?

3. [error_report.log] Why did the backup fail at 02:05?