Using Python How Do You Print Log Entries for a Given Time Range?

Problem scenario
Using Python, you want to parse a log file. You want to print out the entries whose datetime stamp falls within 24 hours of a given date.

The log file is in this format:

Sep 18 07:28:11 server1 sshd[29284]: Received disconnect from 115.52.17.109 port 46970:11: Bye Bye [preauth]
Sep 18 07:28:11 server1 sshd[29284]: Disconnected from 115.52.17.109 port 46970 [preauth]
Sep 18 07:28:11 server1 sshd[29282]: Failed password for root from 51.10.7.109 port 24844 ssh2
Sep 18 07:28:13 server1 sshd[29287]: pam_unix(sshd:auth): authentication failure; …

How Do You Write a Python Program to Extract Lines of a Specific Date?

Problem scenario:
You have a log like this:

Sep 18 07:28:11 server1 sshd[29284]: Received disconnect from 125.52.17.109 port 46970:11: Bye Bye [preauth]
Sep 18 07:28:11 server1 sshd[29284]: Disconnected from 125.52.17.109 port 46970 [preauth]
Sep 18 07:28:11 server1 sshd[29282]: Failed password for root from 51.12.19.109 port 24844 ssh2
Sep 18 07:28:13 server1 sshd[29287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.29.155.214 user=root
Sep 18 07:28:13 server1 sshd[29282]: Failed password for root from 51.12.19.109 port 24844 ssh2
Sep 18 07:28:14 server1 sshd[29282]: Received disconnect from 51.12.19.109 port 24844:11: [preauth]
Sep 18 07:28:14 server1 sshd[29282]: Disconnected from 51.12.19.109 port 24844 [preauth]
Sep 18 07:28:14 server1 sshd[29282]: PAM 2 more authentication failures; …

How Do You Write a Python Program to Parse a Log File and Return Lines with the Word “Failed”?

Problem scenario
You want to retrieve lines from a log file with the word “failed”. How do you do this with Python?

Solution

Assuming the log file is named “auth.log”, this will work:

# Open the log read-only; the "with" block closes the file even if an error occurs.
with open("auth.log", "r") as log_reader:
    for line in log_reader:
        # Compare in lower case so "Failed" and "failed" both match.
        lower_line = line.lower()
        if lower_line.find("failed") != -1:
            print(line)
…
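The three scenarios above (filter by a 24-hour window, filter by date, filter by a keyword) all come down to parsing the syslog-style timestamp at the start of each line. The following is an added example, not code from the original post; it assumes the lines carry no year (as in the samples), so the caller supplies one, and the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the same format as the log shown above (not real traffic).
SAMPLE_LOG = """\
Sep 18 07:28:11 server1 sshd[29282]: Failed password for root from 51.12.19.109 port 24844 ssh2
Sep 18 07:28:14 server1 sshd[29282]: Disconnected from 51.12.19.109 port 24844 [preauth]
Sep 19 06:00:00 server1 sshd[29300]: Failed password for admin from 51.12.19.109 port 24900 ssh2
Sep 20 09:00:00 server1 sshd[29310]: Accepted publickey for deploy from 10.0.0.5 port 50000 ssh2
"""

# "Mon dd HH:MM:SS host process: message"; single-digit days are padded with a second space.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<proc>[^:]+): (?P<msg>.*)$"
)


def parse_line(line, year):
    """Return a dict for one log line, or None if the line is not in the expected format.

    Syslog timestamps have no year, so the caller passes the year the log was written in
    (assumption: every line in the file belongs to that year)."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "proc": m["proc"], "msg": m["msg"]}


def entries_within(lines, start, year, window=timedelta(hours=24), keyword=None):
    """Entries with start <= timestamp < start + window, optionally containing keyword.

    Unparseable lines are skipped rather than aborting the whole run, and the keyword
    match is case-insensitive so "Failed" and "failed" are treated alike."""
    end = start + window
    matches = []
    for line in lines:
        rec = parse_line(line, year)
        if rec is None or not (start <= rec["ts"] < end):
            continue
        if keyword and keyword.lower() not in rec["msg"].lower():
            continue
        matches.append(rec)
    return matches


if __name__ == "__main__":
    since = datetime(2021, 9, 18, 7, 0, 0)  # constructed starting point for the window
    for rec in entries_within(SAMPLE_LOG.splitlines(), since, 2021, keyword="failed"):
        print(rec["ts"], rec["host"], rec["msg"])
```

To run it over a real file, pass `open("auth.log")` in place of `SAMPLE_LOG.splitlines()`; a whole-day filter is the same call with `start` at midnight.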

How Do You Search the Logs of a Website that Is Not Functioning Properly?

Problem scenario
You have a website that is not working. You tried using Fiddler on the front-end. You want to examine the logs on the backend to find the problem. What should you do?

Possible Solution #1
Use a case-insensitive grep for “error” or “violation”. Also search for patterns such as “40” and “50” (the start of 4xx and 5xx HTTP status codes) in separate searches.

To get help finding the logs,

Is It a Best/Recommended Practice to Use Log4j?

Problem scenario
You are not sure if Log4j is acceptable to use. Is it a best/recommended practice to use Log4j?

Answer
Maybe.

Log4j has been well-adopted by many of the most trusted companies in the I.T. industry. According to cybersecuritydive.com “Fortinet, IBM, Microsoft, Red Hat, Salesforce, and Siemens” use(d) Log4j. Log4j has been vulnerable since 2013 (according to this external website).

How Do You Get a Memory Dump of a Specific Process in Windows?

Problem scenario
You want to generate and retrieve a memory dump of a specific process on a Windows server. How do you take or get a memory dump of a given process?

Solution
1. Launch Task Manager as Administrator: search for Task Manager, right-click it and choose “Run as Administrator”.

2. Go to “Create dump file”

3.

What Can Cause an Application to Run Slowly?

Problem scenario
You support an existing application and its servers. Users are complaining about its performance, so it is experiencing slowness. What are some potential root causes of this slowness?

Possible Solutions

  • The slowness is caused by the client. A user’s workstation has something wrong with it (e.g., malware, or it is trying to run too many applications at once).

Where Are The SSH Logs in Fedora?

Problem scenario
You are trying to find the SSH logs in Fedora. Where should you look?

Possible solution #1
/var/log/secure/

Possible solution #2
Check these locations:
/var/log/ssh/
/var/log/auth.log

Possible solution #3
/var/log/messages
(Many other applications write to this file besides SSH.)

Possible solution #4
They could be stored in binary format in /var/log/journal/ …

Run this command: journalctl -u sshd
Look at the output.

How Do You Configure Nginx to Listen to Messages Sent via HTTP?

Problem scenario
You have Nginx configured. The access logs never pick up any POST message content, and you get 405 error messages. What do you do?

Solution
This will send a message payload — but not via POST. It may not work for your situation. To get a message to be sent to a website (a listening web service), craft a URL that does not necessarily exist,

How Can You Use CloudTrail for the First Time in Your AWS Account?

Problem scenario
You want to log or monitor AWS activity (e.g., AWS Management Console, AWS CLI, and/or AWS SDK actions). You do not want encryption because you are just testing it out. How do you use CloudTrail to do this?

Solution

  1. Log into AWS.
  2. Go to this link: https://console.aws.amazon.com/cloudtrail/
  3. Click “Create a trail”
  4. Enter a descriptive name for your trail.