Question
Working individually you will choose five log files.
For each of the logs you should perform the following tasks:
Describe the log
Create a script that may be useful in managing the log
Illustrate why the script would be useful
Create one regular expression that may be useful in analyzing the log
Describe the rules that dictate the pattern of the regular expression
Illustrate why the regular expression would be useful.
(The regular expression should be part of the script)
When describing the log please provide 4 - 5 sample lines and discuss them briefly.
The five logs should be divided as follows:
Three logs generated by the system (for example: daemon, kern, syslog)
Two logs generated by installed applications (for example: mysql,
Here are the five logs:
************ [/var/log/message: General message and system related stuff ] ************
Jul 17 22:04:25 router dnsprobe[276]: dns query failed
Jul 17 22:04:29 router last message repeated 2 times
Jul 17 22:04:29 router dnsprobe[276]: Primary DNS server Is Down... Switching To Secondary DNS server
Jul 17 22:05:08 router dnsprobe[276]: Switching Back To Primary DNS server
Jul 17 22:26:11 debian -- MARK --
Jul 17 22:46:11 debian -- MARK --
Jul 17 22:47:36 router -- MARK --
Jul 17 22:47:36 router dnsprobe[276]: dns query failed
Jul 17 22:47:38 debian kernel: rtc: lost some interrupts at 1024Hz.
Jun 17 22:47:39 debian kernel: IN=eth0 OUT= MAC=00:0f:ea:91:04:07:00:08:5c:00:00:01:08:00 SRC=61.4.218.24 DST=192.168.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=21599 DF PROTO=TCP SPT=59297 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
************ [/var/log/auth.log: Authentication log] ************
Aug 18 11:00:57 izxvps sshd[5657]: Failed password for root from 95.58.255.62 port 38980 ssh2
Aug 18 23:08:26 izxvps sshd[5768]: Failed password for root from 91.205.189.15 port 38156 ssh2
Aug 18 23:08:30 izxvps sshd[5770]: Failed password for nobody from 91.205.189.15 port 38556 ssh2
Aug 18 23:08:34 izxvps sshd[5772]: Failed password for invalid user asterisk from 91.205.189.15 port 38864 ssh2
Aug 18 23:08:38 izxvps sshd[5774]: Failed password for invalid user sjobeck from 91.205.189.15 port 39157 ssh2
Aug 18 23:08:42 izxvps sshd[5776]: Failed password for root from 91.205.189.15 port 39467 ssh2
************ [var/log/kern.log: Kernel logs] ************
May 8 03:07:40 chad last message repeated 1585 times
May 8 03:08:40 chad last message repeated 1587 times
May 8 03:08:58 chad last message repeated 527 times
May 8 03:08:58 chad kernel: apm: BIOS version 1.2 Flags 0x07 (Driver version 1.16ac)
May 8 03:08:58 chad kernel: apm: overridden by ACPI.
May 8 03:08:58 chad kernel: APIC error on CPU0: 40(40)
May 8 03:09:29 chad last message repeated 805 times
May 8 03:10:30 chad last message repeated 1709 times
May 8 03:11:31 chad last message repeated 1745 times
May 8 03:12:32 chad last message repeated 1519 times
May 8 03:13:33 chad last message repeated 1479 times
************ [var/log/cron.log: Crond logs (cron job)] ************
Oct 8 22:00:00 dev-db crond[18340]: (root) CMD (/bin/sh /home/root/bin/system_check &)
Oct 8 23:00:00 dev-db crond[20348]: (oracle) CMD (/bin/sh /home/oracle/bin/cleanup.sh &)
Oct 8 23:59:00 dev-db crond[20399]: (john) CMD (/bin/sh /home/john/bin/backup.sh &)
************ [/var/log/maillog: Mail server logs] ************
Aug 5 10:48:25 domU-12-31-39-0B-C4-54 sm-msp-queue[13360]: q71He1xw027248: to=postmaster, delay=3+17:03:10, xdelay=00:00:00, mailer=relay, pri=23074446, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Aug 5 10:48:25 domU-12-31-39-0B-C4-54 sm-msp-queue[13308]: q717K1wk024979: to=postmaster, delay=4+03:23:18, xdelay=00:00:00, mailer=relay, pri=25779463, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Aug 5 10:48:25 domU-12-31-39-0B-C4-54 sm-msp-queue[13360]: q71He1xx027248: to=postmaster, delay=3+17:03:10, xdelay=00:00:00, mailer=relay, pri=23075343, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
************ [/var/log/boot.log : System boot log] ************
Thu Jun 21 17:39:18 2012: [....] Setting parameters of disc: (none)^[[?25l^[[?1c^[7^[[1G[^[[32m ok ^[[39;49m^[8^[[?25h^[[?0c.
Thu Jun 21 17:39:18 2012: [....] Setting preliminary keymap...^[[?25l^[[?1c^[7^[[1G[^[[32m ok ^[[39;49m^[8^[[?25h^[[?0cdone.
Thu Jun 21 17:39:18 2012: [....] Activating swap...^[[?25l^[[?1c^[7^[[1G[^[[32m ok ^[[39;49m^[8^[[?25h^[[?0cdone.
Thu Jun 21 17:39:18 2012: [....] Checking root file system...fsck from util-linux 2.20.1
Thu Jun 21 17:39:18 2012: /dev/md0: clean, 534274/72024064 files, 63548418/288085470 blocks
Thu Jun 21 17:39:18 2012: ^[[?25l^[[?1c^[7^[[1G[^[[32m ok ^[[39;49m^[8^[[?25h^[[?0cdone.
Thu Jun 21 17:39:18 2012: [^[[36minfo^[[39;49m] Loading kernel module loop.
Thu Jun 21 17:39:18 2012: [....] Cleaning up temporary files... /tmp /lib/init/rw^[[?25l^[[?1c^[7^[[1G[^[[32m ok ^[[39;49m^[8^[[?25h^[[?0c.
Thu Jun 21 17:39:18 2012: mount: according to mtab, tmpfs is already mounted on /run/lock
Thu Jun 21 17:39:18 2012:
Thu Jun 21 17:39:18 2012: mount: according to mtab, tmpfs is already mounted on /run/shm
Thu Jun 21 17:39:18 2012:
Thu Jun 21 17:39:18 2012: [....] Generating udev events for MD arrays...^[[?25l^[[?1c^[7^[[1G[^[[32m ok ^[[39;49m^[8^[[?25h^[[?0cdone.
Thu Jun 21 17:39:18 2012: [....] Setting up LVM Volume Groups...^[[?25l^[[?1c^[7^[[1G[^[[32m ok ^[[39;49m^[8^[[?25h^[[?0cdone.
Thu Jun 21 17:39:19 2012: [....] Activating lvm and md swap...^[[?25l^[[?1c^[7^[[1G[^[[32m ok ^[[39;49m^[8^[[?25h^[[?0cdone.
Thu Jun 21 17:39:19 2012: [....] Checking file systems...fsck from util-linux 2.20.1
************ [/var/log/httpd/httpd.log: Apache access and error logs directory] ************
[Wed Mar 21 11:30:58 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Mar 21 11:30:58 2012] [warn] RSA server certificate CommonName (CN) `test8rc1.schtrumpf.com' does NOT match server name!?
[Wed Mar 21 11:30:58 2012] [notice] Digest: generating secret for digest authentication ...
[Wed Mar 21 11:30:58 2012] [notice] Digest: done
[Wed Mar 21 11:31:03 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Mar 21 11:31:03 2012] [warn] RSA server certificate CommonName (CN) `test8rc1.schtrumpf.com' does NOT match server name!?
[Wed Mar 21 11:31:04 2012] [notice] Apache configured -- resuming normal operations
[Wed Mar 21 11:32:34 2012] [error] [client 192.168.0.1] File does not exist: /home/e-smith/files/ibays/Primary/html/favicon.ico
[Wed Mar 21 11:32:34 2012] [error] [client 192.168.0.1] File does not exist: /home/e-smith/files/ibays/Primary/html/favicon.ico
[Wed Mar 21 11:32:59 2012] [notice] Graceful restart requested, doing restart
[Wed Mar 21 11:32:59 2012] [notice] Digest: generating secret for digest authentication ...
[Wed Mar 21 11:32:59 2012] [notice] Digest: done
************ [/var/log/daemon.log: Apache access and error logs directory] ************
Feb 11 06:55:51 mamma NetworkManager:
Feb 11 06:55:51 mamma NetworkManager:
Feb 11 06:55:51 mamma NetworkManager: SCPlugin-Ifupdown: init!
Feb 11 06:55:51 mamma NetworkManager: SCPlugin-Ifupdown: update_system_hostname
Feb 11 06:55:51 mamma NetworkManager: SCPluginIfupdown: guessed connection type (eth0) = 802-3-ethernet
Feb 11 06:55:51 mamma NetworkManager: SCPlugin-Ifupdown: update_connection_setting_from_if_block: name:eth0, type:802-3-ethernet,id:Ifupdown (eth0), uuid: 681b428f-beaf-8932-dce4-687ed5bae28e
Feb 11 06:55:51 mamma NetworkManager: SCPluginIfupdown: management mode:unmanaged
Feb 11 06:55:51 mamma NetworkManager: SCPlugin-Ifupdown: devices added (path: /sys/devices/pci0000:00/0000:00:1c.1/0000:40:00.0/net/eth0, iface:eth0)
Feb 11 06:55:51 mamma NetworkManager: SCPluginIfupdown: locking wired connection setting
Feb 11 06:55:51 mamma NetworkManager: Ifupdown: get unmanaged devices count: 1
Feb 11 06:55:51 mamma NetworkManager: SCPlugin-Ifupdown: (141091568) ...get_connections.
Feb 11 06:55:51 mamma NetworkManager: SCPlugin-Ifupdown: (141091568) ...get_connections (managed=false): return empty list.
Feb 11 06:55:51 mamma NetworkManager: Ifupdown: get unmanaged devices
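An added example, not part of the original question or of any posted solution: one possible script for the auth.log sample above, built around a single regular expression that extracts the fields of each sshd "Failed password" line and reports source addresses with a burst of failures. The function names, the threshold of 5 failures in 60 seconds, and the placeholder year are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Pattern rules: syslog timestamp, hostname, sshd[pid], the literal message,
# an optional "invalid user " marker, then the user name. The user is matched
# greedily and the address is anchored at end of line ($), so the source IP is
# always read from the trailing fields even if the name contains spaces.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"sshd\[(?P<pid>\d+)\]: Failed password for "
    r"(?P<invalid>invalid user )?(?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+) ssh2$"
)

# Lines copied from the auth.log sample on this page.
SAMPLE = """\
Aug 18 11:00:57 izxvps sshd[5657]: Failed password for root from 95.58.255.62 port 38980 ssh2
Aug 18 23:08:26 izxvps sshd[5768]: Failed password for root from 91.205.189.15 port 38156 ssh2
Aug 18 23:08:30 izxvps sshd[5770]: Failed password for nobody from 91.205.189.15 port 38556 ssh2
Aug 18 23:08:34 izxvps sshd[5772]: Failed password for invalid user asterisk from 91.205.189.15 port 38864 ssh2
Aug 18 23:08:38 izxvps sshd[5774]: Failed password for invalid user sjobeck from 91.205.189.15 port 39157 ssh2
Aug 18 23:08:42 izxvps sshd[5776]: Failed password for root from 91.205.189.15 port 39467 ssh2
""".splitlines()

def parse_failures(lines, year=2000):
    """Return (time, ip, user, is_invalid_user) for each failed-password line."""
    events = []
    for line in lines:
        m = FAILED_RE.match(line.strip())
        if not m:
            continue  # some other kind of record
        # syslog timestamps carry no year; 2000 is a placeholder (assumption)
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((when, m["ip"], m["user"], m["invalid"] is not None))
    return events

def burst_sources(events, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: sorted user names tried} for IPs with >= threshold failures in one window."""
    by_ip = defaultdict(list)
    for when, ip, user, _ in sorted(events):
        by_ip[ip].append((when, user))
    flagged = {}
    for ip, hits in by_ip.items():
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({u for _, u in hits})
                break
    return flagged
```

Run against the sample, `burst_sources(parse_failures(SAMPLE))` flags only the address that made five attempts within 16 seconds, which is the kind of summary that makes the regular expression useful for deciding what to block or rate-limit.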