This course teaches students how to analyse logs effectively using tools already available to them. Students will be taught how to analyse logs using Python, PowerShell and Bash. Using real-world examples, you will see how suspicious activity can be inferred from the logs by looking at various parameters.

Students will be introduced to analysis of Apache, Cisco, IIS and Windows event logs.

A non-exhaustive list of topics covered:

  • Analysing Cisco and Apache logs using Linux Commands
    • Using cat and grep to get important information
    • How to use awk to analyse logs
    • Using sed, sort and uniq to extract important metrics
  • Using Python for Log Analysis
    • Basics of Python
    • Reading logs using Python
    • Parsing the logs once read
  • Utilising PowerShell for Windows Log Analysis
    • Basics of PowerShell
    • Dumping Event Logs with PowerShell
    • Log Analysis with PowerShell
  • Intrusion Analysis using PowerShell
    • Looking for suspicious data in logs
    • Searching for important keywords in event logs
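As an added illustration of the Python log-analysis topics above (this is not course material), the script below parses Apache access-log lines, builds per-client metrics (request count, 4xx/5xx count, distinct paths) and flags clients whose error ratio suggests path probing. The log lines, thresholds and function names are constructed for this example.

```python
import re
from collections import defaultdict

# Apache "combined" / "common" access-log line (referer and user agent, if present, are left unparsed).
APACHE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def parse_line(line):
    """Return the fields of one access-log line as a dict, or None if it is malformed."""
    m = APACHE_RE.match(line)
    if m is None:
        return None
    return {**m.groupdict(), "status": int(m.group("status"))}

def per_client_metrics(lines):
    """Count requests, 4xx/5xx responses and distinct paths per client IP."""
    stats = defaultdict(lambda: {"requests": 0, "errors": 0, "paths": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of aborting the whole run
        s = stats[rec["ip"]]
        s["requests"] += 1
        s["paths"].add(rec["path"])
        if rec["status"] >= 400:
            s["errors"] += 1
    return stats

def flag_suspicious(stats, min_requests=5, error_ratio=0.5):
    """IPs with enough requests and a high error ratio, a typical sign of path probing."""
    return sorted(ip for ip, s in stats.items()
                  if s["requests"] >= min_requests
                  and s["errors"] / s["requests"] >= error_ratio)

# Constructed sample lines (not real traffic); the last one is deliberately malformed.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /admin HTTP/1.1" 404 209 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /login HTTP/1.1" 404 209 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Oct/2023:13:56:03 +0000] "GET /backup.zip HTTP/1.1" 404 209 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Oct/2023:13:56:04 +0000] "GET /old/ HTTP/1.1" 403 199 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Oct/2023:13:56:05 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "curl/8.0"',
    'this line is not in Apache format',
]

if __name__ == "__main__":
    stats = per_client_metrics(SAMPLE_LOG)
    print({ip: (stats[ip]["requests"], stats[ip]["errors"]) for ip in flag_suspicious(stats)})
```

The same loop works unchanged on a real file by passing `open("access.log")` instead of `SAMPLE_LOG`; tune `min_requests` and `error_ratio` to the site's normal traffic before treating a flagged client as suspicious.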