How to Search Log Files

From Irregularpedia
(Redirected from Searching-log-files)
Jump to navigation Jump to search

How to Check and Make Sense of Logs on Different Operating Systems

If you need to go back to the guide, click Cyber Incident Response Guide

Mobile: iOS

Use Analytics & Improvements

  1. Go to Settings > Privacy > Analytics & Improvements.
  2. Select Analytics Data to view system and app logs.

Identify Suspicious Activity

  1. Look for entries such as sysdiagnose or stacks+appName, indicating app crashes or system issues.
  2. Search for terms like privacy, location, or permission to find logs related to privacy settings changes.
  3. Check for any entries with daemon or process indicating background activities.


Mobile: Android

Enable Developer Options

  1. Go to Settings > About phone.
  2. Tap Build number seven times to enable Developer Options.

Access Logs through Developer Options

  1. Go to Settings > System > Developer options.
  2. Scroll to Debugging and select Take bug report or Log viewer.

Check for Suspicious Activity

  1. Look for frequent app crashes or unexpected system behavior in the logs.
  2. Identify any unusual network activities or connection attempts.
  3. Check for logs indicating changes in security settings or permissions granted to unfamiliar apps.
  4. Look for repeated attempts to access secure features or data without authorization.


Windows

Open the Event Viewer

  1. Press the Windows key + R to open the Run dialog box.
  2. Type eventvwr.msc and press Enter.
  3. The Event Viewer will open.

Look for Error or Warning Logs Related to Security

  1. Navigate to Windows Logs > Security.
  2. Sort the logs by Event ID, Level, or Source.
  3. Look for Event IDs:
    • 4624 (successful logon),
    • 4625 (failed logon),
    • 4648 (explicit login).

Search for Suspicious Activity

  1. Look for repeated failed login attempts from the same source IP.
  2. Look for logon attempts from unfamiliar locations or at unusual times.
  3. Look for logs indicating changes to security settings or software.
  4. Look for logs indicating new software installations or changes to existing software.


MacOS

Open Console

  1. Launch the Console application from the Utilities folder within the Applications folder.

Look for Error or Warning Logs Related to Security

  1. Check logs related to security software such as antivirus or firewall.
  2. Search for logs with keywords like error or warning.

Search for Suspicious Activity

  1. Look for repeated failed logon attempts from the same source IP.
  2. Look for logon attempts from unfamiliar locations or at unusual times.
  3. Check logs indicating changes to security settings or software.
  4. Look for logs indicating new software installations or changes to existing software.


Linux

Open Terminal

  1. Launch the Terminal application.

Look for Error or Warning Logs Related to Security

  1. Use the command:
 sudo grep -E 'error|warning' /var/log/auth.log 
 to view security logs.

Check Users

  1. Use the command:
 sudo getent passwd | grep '/home' | cut -d: -f1 
 to see all users with a home directory.
  1. Use the command:
 sudo getent passwd | cut -d: -f1 
 to see all users, even those without a home directory.

Search for Suspicious Activity

  1. Look for repeated failed login attempts from the same source IP.
  2. Look for logon attempts from unfamiliar locations or at unusual times.
  3. Check logs indicating changes to security settings or software.
  4. Look for logs indicating new software installations or changes to existing software.
Retrieved from "https://irregularpedia.org/index.php?title=How_to_Search_Log_Files&oldid=1464"