This lab teaches students to set up and configure a central RSYSLOG server that will receive and store logs from FreeBSD, Linux and Windows clients.

Students will learn to configure log forwarding on the clients, and log rotation and filtering on the server. They will also learn to use Logwatch to analyze logs and fail2ban to automatically respond to suspicious activity found in the logs.

Prerequisites

Basic networking concepts (TCP/IP, DNS, etc.) and familiarity with the Unix/Linux command line.

Expected Duration

2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.

Availability

Included if you are a subscriber to any of the following training packages:

  • Level 1: Enterprise Instructional Labs
  • Introduction to Cybersecurity Lab Package
  • Intrusion Detection and Prevention Lab Package
  • Network Monitoring and Reconnaissance Package
  • Law Enforcement/Counterintelligence Forensics Analyst 1
  • Cyber Defense Forensics Analyst 1
  • System Administrator 1
  • Cyber Defense Analyst 1
  • Vulnerability Assessment Analyst 1
  • Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
  • Level 2: Attack/Defense/IR Exercises and Instructional Labs
Educational Lab