├── Project-1-Apache-Web-Server-Log-Analysis.md ├── Project-2-Syslog-Analysis-on-Linux-Systems.md ├── Project-3-Analyzing-Windows-Event-Logs.md ├── Project-4-Simple-Log-Analysis-with-ELK-Stack.md ├── Project-5-Analyzing Windows Sysmon Events for Security Incidents.md └── README.md /Project-1-Apache-Web-Server-Log-Analysis.md: -------------------------------------------------------------------------------- 1 | # Project 1: Basic Apache Web Server Log Analysis 2 | 3 | ## Introduction 4 | In this project, students will learn the fundamentals of log analysis by working with Apache web server logs. Apache logs are a rich source of information about web traffic and can help identify potential security incidents, usage patterns, and performance issues. By the end of this project, students will be able to extract and interpret valuable information from Apache access and error logs. 5 | 6 | ## Pre-requisites 7 | - Basic understanding of web servers and HTTP protocols 8 | - Familiarity with Linux command line 9 | - Apache web server installed (can be on a local machine or a VM) 10 | 11 | ## Lab Set-up and Tools 12 | - Ubuntu 22.04 or later (or any Linux distribution with Apache installed) 13 | - Apache web server installed and running 14 | - Access to Apache log files (typically located in `/var/log/apache2/`) 15 | 16 | ## Exercises 17 | 18 | ### Exercise 1: Accessing Apache Log Files 19 | 20 | **Steps:** 21 | 22 | 1. Open a terminal on your Linux machine. 23 | 2. Navigate to the Apache log directory: 24 | ```bash 25 | cd /var/log/apache2/ 26 | ``` 27 | 3. List the log files to understand the available logs: 28 | ```bash 29 | ls -l 30 | ``` 31 | 32 | **Expected Output:** 33 | - A list of Apache log files such as `access.log` and `error.log`. 34 | 35 | ### Exercise 2: Understanding Access Logs 36 | 37 | **Steps:** 38 | 39 | 1. Open the access log file using `less` or `cat`: 40 | ```bash 41 | less access.log 42 | ``` 43 | 2. Observe the format of the log entries, which typically include information such as IP address, request timestamp, request method, URL, HTTP status code, and user agent. 44 | 3. Identify a few entries and break down their components. 45 | 46 | **Expected Output:** 47 | - Understanding of the structure of access log entries, including IP addresses, timestamps, request methods, URLs, status codes, and user agents. 48 | 49 | ### Exercise 3: Filtering Log Entries 50 | 51 | **Steps:** 52 | 53 | 1. Use the `grep` command to filter log entries based on specific criteria, such as a particular IP address: 54 | ```bash 55 | grep '192.168.1.100' access.log 56 | ``` 57 | 2. Filter log entries by HTTP status code (e.g., 404 errors): 58 | ```bash 59 | grep ' 404 ' access.log 60 | ``` 61 | 3. Combine filters to extract more specific information, such as 404 errors from a specific IP address: 62 | ```bash 63 | grep '192.168.1.100' access.log | grep ' 404 ' 64 | ``` 65 | 66 | **Expected Output:** 67 | - A filtered list of log entries matching the specified criteria, demonstrating how to extract specific information from log files. 68 | 69 | ### Exercise 4: Analyzing Error Logs 70 | 71 | **Steps:** 72 | 73 | 1. Open the error log file using `less` or `cat`: 74 | ```bash 75 | less error.log 76 | ``` 77 | 2. Identify different types of errors, such as file not found errors, script errors, or permission issues. 78 | 3. Note the timestamps and frequency of errors to understand patterns or recurring issues. 79 | 80 | **Expected Output:** 81 | - Insight into the types of errors logged in the error log, including their causes and frequency. 82 | 83 | ### Exercise 5: Summarizing Log Data 84 | 85 | **Steps:** 86 | 87 | 1. Use the `awk` command to summarize log data, such as counting the number of requests from each IP address: 88 | ```bash 89 | awk '{print $1}' access.log | sort | uniq -c | sort -nr 90 | ``` 91 | 2. Summarize the number of requests per day: 92 | ```bash 93 | awk '{print $4}' access.log | cut -d: -f1 | sort | uniq -c 94 | ``` 95 | 3. Identify the most requested URLs: 96 | ```bash 97 | awk '{print $7}' access.log | sort | uniq -c | sort -nr 98 | ``` 99 | 100 | **Expected Output:** 101 | - Summarized log data showing the number of requests per IP address, the number of requests per day, and the most requested URLs. 102 | 103 | By completing these exercises, students will gain hands-on experience in accessing, filtering, and analyzing Apache web server logs, which are essential skills for identifying security incidents, understanding web traffic patterns, and troubleshooting issues. 104 | -------------------------------------------------------------------------------- /Project-2-Syslog-Analysis-on-Linux-Systems.md: -------------------------------------------------------------------------------- 1 | # Project 2: Introduction to Syslog Analysis on Linux Systems 2 | 3 | ## Introduction 4 | In this project, students will learn the basics of syslog analysis on Linux systems. Syslog is a standard logging protocol used to collect and store log messages from various system processes and applications. By the end of this project, students will be able to configure syslog, access and interpret log files, and analyze log data for troubleshooting and security monitoring. 5 | 6 | ## Pre-requisites 7 | - Basic understanding of Linux system administration 8 | - Familiarity with Linux command line 9 | - A Linux machine (preferably Ubuntu) 10 | 11 | ## Lab Set-up and Tools 12 | - Ubuntu 20.04 or later (or any Linux distribution with syslog configured) 13 | - Access to syslog files (typically located in `/var/log/`) 14 | 15 | ## Exercises 16 | 17 | ### Exercise 1: Understanding Syslog Configuration 18 | 19 | **Steps:** 20 | 21 | 1. Open the syslog configuration file using a text editor: 22 | ```bash 23 | sudo nano /etc/rsyslog.conf 24 | ``` 25 | 2. Review the configuration directives to understand how syslog is set up. 26 | 3. Identify the different logging facilities and their corresponding log files. 27 | 28 | **Expected Output:** 29 | - A basic understanding of the syslog configuration, including logging facilities and their destinations. 30 | 31 | ### Exercise 2: Accessing Syslog Files 32 | 33 | **Steps:** 34 | 35 | 1. Navigate to the syslog directory: 36 | ```bash 37 | cd /var/log/ 38 | ``` 39 | 2. List the available syslog files to understand the different log files generated by the system: 40 | ```bash 41 | ls -l 42 | ``` 43 | 3. Open the main syslog file using `less` or `cat`: 44 | ```bash 45 | less syslog 46 | ``` 47 | 48 | **Expected Output:** 49 | - A list of syslog files, with an initial look at the contents of the main syslog file. 50 | 51 | ### Exercise 3: Filtering Syslog Entries 52 | 53 | **Steps:** 54 | 55 | 1. Use the `grep` command to filter syslog entries based on specific criteria, such as a particular date: 56 | ```bash 57 | grep 'Jun 12' syslog 58 | ``` 59 | 2. Filter log entries by a specific process or service (e.g., sshd): 60 | ```bash 61 | grep 'sshd' syslog 62 | ``` 63 | 3. Combine filters to extract more specific information, such as sshd logins on a particular date: 64 | ```bash 65 | grep 'Jun 12' syslog | grep 'sshd' 66 | ``` 67 | 68 | **Expected Output:** 69 | - A filtered list of syslog entries matching the specified criteria, demonstrating how to extract specific information from log files. 70 | 71 | ### Exercise 4: Analyzing Authentication Logs 72 | 73 | **Steps:** 74 | 75 | 1. Open the authentication log file using `less` or `cat`: 76 | ```bash 77 | less auth.log 78 | ``` 79 | 2. Identify different types of authentication events, such as successful logins, failed login attempts, and user changes. 80 | 3. Note the timestamps, usernames, and source IP addresses for each event. 81 | 82 | **Expected Output:** 83 | - Insight into the types of authentication events logged in the authentication log, including successful and failed login attempts. 84 | 85 | ### Exercise 5: Summarizing Log Data 86 | 87 | **Steps:** 88 | 89 | 1. Use the `awk` command to summarize log data, such as counting the number of login attempts from each IP address: 90 | ```bash 91 | awk '/sshd/ && /Failed password/ {print $11}' auth.log | sort | uniq -c | sort -nr 92 | ``` 93 | 2. Summarize the number of successful logins per user: 94 | ```bash 95 | awk '/sshd/ && /Accepted password/ {print $9}' auth.log | sort | uniq -c | sort -nr 96 | ``` 97 | 3. Identify the most frequent types of syslog messages: 98 | ```bash 99 | awk '{print $6}' syslog | sort | uniq -c | sort -nr 100 | ``` 101 | 102 | **Expected Output:** 103 | - Summarized log data showing the number of login attempts per IP address, successful logins per user, and the most frequent types of syslog messages. 104 | 105 | By completing these exercises, students will gain hands-on experience in accessing, filtering, and analyzing syslog files on Linux systems, which are essential skills for system troubleshooting and security monitoring. 106 | -------------------------------------------------------------------------------- /Project-3-Analyzing-Windows-Event-Logs.md: -------------------------------------------------------------------------------- 1 | # Project 3: Analyzing Windows Event Logs for Security Incidents 2 | 3 | ## Introduction 4 | In this project, students will learn the basics of analyzing Windows Event Logs to detect and investigate security incidents. Windows Event Logs are a valuable source of information about system activities, user actions, and potential security issues. By the end of this project, students will be able to access and interpret event logs, identify security-related events, and use event log analysis to support incident response. 5 | 6 | ## Pre-requisites 7 | - Basic understanding of Windows operating system and administration 8 | - Familiarity with Windows Event Viewer 9 | - A Windows machine (Windows 10 or later) 10 | 11 | ## Lab Set-up and Tools 12 | - Windows 10 or later 13 | - Access to Event Viewer 14 | - [Log Parser Studio](https://www.microsoft.com/en-us/download/details.aspx?id=24659) (for advanced log analysis) 15 | 16 | ## Exercises 17 | 18 | ### Exercise 1: Accessing Windows Event Logs 19 | 20 | **Steps:** 21 | 22 | 1. Open Event Viewer by pressing `Win + R`, typing `eventvwr`, and pressing `Enter`. 23 | 2. In the Event Viewer console, expand "Windows Logs" and select "System". 24 | 3. Review the list of system events to understand the types of logs generated by the operating system. 25 | 26 | **Expected Output:** 27 | - Access to the System event logs, with an understanding of the different types of events recorded. 28 | 29 | ### Exercise 2: Understanding Security Event Logs 30 | 31 | **Steps:** 32 | 33 | 1. In the Event Viewer console, expand "Windows Logs" and select "Security". 34 | 2. Review the list of security events, focusing on events related to logon attempts, account management, and policy changes. 35 | 3. Identify key event IDs that are commonly associated with security incidents (e.g., 4624 for successful logon, 4625 for failed logon). 36 | 37 | **Expected Output:** 38 | - Understanding of the types of events recorded in the Security logs, including logon attempts and account management events. 39 | 40 | ### Exercise 3: Filtering and Searching Event Logs 41 | 42 | **Steps:** 43 | 44 | 1. In Event Viewer, use the "Filter Current Log" option in the right-hand pane. 45 | 2. Filter Security logs to show only events with a specific Event ID (e.g., 4625 for failed logon attempts). 46 | 3. Use the "Find" option to search for events related to a specific user or computer. 47 | 48 | **Expected Output:** 49 | - A filtered view of event logs showing specific security events, demonstrating how to narrow down log data to relevant incidents. 50 | 51 | ### Exercise 4: Analyzing Event Details 52 | 53 | **Steps:** 54 | 55 | 1. Select a security event (e.g., a failed logon attempt) and review the event details. 56 | 2. Note key information such as the date and time, user account involved, source IP address, and any error codes. 57 | 3. Correlate multiple events to understand the sequence of actions (e.g., multiple failed logon attempts followed by a successful logon). 58 | 59 | **Expected Output:** 60 | - Detailed analysis of specific security events, including key information and correlations between related events. 61 | 62 | ### Exercise 5: Advanced Log Analysis with Log Parser Studio 63 | 64 | **Steps:** 65 | 66 | 1. Download and install [Log Parser Studio](https://www.microsoft.com/en-us/download/details.aspx?id=24659). 67 | 2. Open Log Parser Studio and import a sample event log file. 68 | 3. Use built-in queries to analyze log data, such as identifying the top sources of failed logon attempts: 69 | ```sql 70 | SELECT TOP 10 EXTRACT_TOKEN(TextData, 0, ' ') AS EventID, COUNT(*) AS EventCount 71 | FROM '[LOGFILEPATH]' 72 | WHERE EventID = 4625 73 | GROUP BY EventID 74 | ORDER BY EventCount DESC 75 | ``` 76 | 4. Customize and run additional queries to extract specific information from the logs. 77 | 78 | **Expected Output:** 79 | - Advanced analysis of event logs using Log Parser Studio, with queries that extract and summarize key information from security events. 80 | 81 | By completing these exercises, students will gain hands-on experience in accessing, filtering, and analyzing Windows Event Logs to detect and investigate security incidents. These skills are essential for effective incident response and system security monitoring. 82 | -------------------------------------------------------------------------------- /Project-4-Simple-Log-Analysis-with-ELK-Stack.md: -------------------------------------------------------------------------------- 1 | # Project 4: Simple Log Analysis with ELK Stack (Elasticsearch, Logstash, Kibana) 2 | 3 | ## Introduction 4 | In this project, students will learn the basics of log analysis using the ELK Stack, a popular open-source suite for managing and analyzing log data. The ELK Stack consists of Elasticsearch (for storing and searching data), Logstash (for processing and ingesting data), and Kibana (for visualizing data). By the end of this project, students will be able to set up the ELK Stack, ingest log data, and create visualizations to analyze the data. 5 | 6 | ## Pre-requisites 7 | - Basic understanding of log files and log management 8 | - Familiarity with Linux command line 9 | - A Linux machine (preferably Ubuntu 20.04 or later) 10 | - Java installed on the machine 11 | 12 | ## Lab Set-up and Tools 13 | - Ubuntu 20.04 or later 14 | - [Elasticsearch](https://www.elastic.co/downloads/elasticsearch) installed 15 | - [Logstash](https://www.elastic.co/downloads/logstash) installed 16 | - [Kibana](https://www.elastic.co/downloads/kibana) installed 17 | - Sample log files for analysis 18 | 19 | ## Exercises 20 | 21 | ### Exercise 1: Installing Elasticsearch 22 | 23 | **Steps:** 24 | 25 | 1. Download and install Elasticsearch: 26 | ```bash 27 | wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.12.1-amd64.deb 28 | sudo dpkg -i elasticsearch-7.12.1-amd64.deb 29 | ``` 30 | 2. Start the Elasticsearch service: 31 | ```bash 32 | sudo systemctl start elasticsearch 33 | sudo systemctl enable elasticsearch 34 | ``` 35 | 3. Verify that Elasticsearch is running by accessing `http://localhost:9200` in a web browser. 36 | 37 | **Expected Output:** 38 | - Elasticsearch is installed and running, accessible at `http://localhost:9200`. 39 | 40 | ### Exercise 2: Installing Logstash 41 | 42 | **Steps:** 43 | 44 | 1. Download and install Logstash: 45 | ```bash 46 | wget https://artifacts.elastic.co/downloads/logstash/logstash-7.12.1.deb 47 | sudo dpkg -i logstash-7.12.1.deb 48 | ``` 49 | 2. Configure Logstash by creating a configuration file (`logstash-simple.conf`): 50 | ```bash 51 | sudo nano /etc/logstash/conf.d/logstash-simple.conf 52 | ``` 53 | Add the following content to the configuration file: 54 | ```plaintext 55 | input { 56 | file { 57 | path => "/path/to/your/logfile.log" 58 | start_position => "beginning" 59 | } 60 | } 61 | output { 62 | elasticsearch { 63 | hosts => ["localhost:9200"] 64 | } 65 | stdout { codec => rubydebug } 66 | } 67 | ``` 68 | 3. Start the Logstash service: 69 | ```bash 70 | sudo systemctl start logstash 71 | sudo systemctl enable logstash 72 | ``` 73 | 74 | **Expected Output:** 75 | - Logstash is installed and configured to ingest log data and send it to Elasticsearch. 76 | 77 | ### Exercise 3: Installing Kibana 78 | 79 | **Steps:** 80 | 81 | 1. Download and install Kibana: 82 | ```bash 83 | wget https://artifacts.elastic.co/downloads/kibana/kibana-7.12.1-amd64.deb 84 | sudo dpkg -i kibana-7.12.1-amd64.deb 85 | ``` 86 | 2. Start the Kibana service: 87 | ```bash 88 | sudo systemctl start kibana 89 | sudo systemctl enable kibana 90 | ``` 91 | 3. Verify that Kibana is running by accessing `http://localhost:5601` in a web browser. 92 | 93 | **Expected Output:** 94 | - Kibana is installed and running, accessible at `http://localhost:5601`. 95 | 96 | ### Exercise 4: Ingesting Log Data with Logstash 97 | 98 | **Steps:** 99 | 100 | 1. Ensure that the log file specified in `logstash-simple.conf` exists and contains sample log data. 101 | 2. Check the Logstash logs to verify that log data is being ingested: 102 | ```bash 103 | sudo tail -f /var/log/logstash/logstash-plain.log 104 | ``` 105 | 3. Confirm that data is being indexed in Elasticsearch by accessing the Elasticsearch API: 106 | ```bash 107 | curl -X GET "localhost:9200/_cat/indices?v" 108 | ``` 109 | 110 | **Expected Output:** 111 | - Log data is ingested by Logstash and indexed in Elasticsearch, confirmed by checking the indices in Elasticsearch. 112 | 113 | ### Exercise 5: Creating Visualizations in Kibana 114 | 115 | **Steps:** 116 | 117 | 1. Open Kibana in a web browser (`http://localhost:5601`). 118 | 2. Configure an index pattern to match the log data indexed by Logstash: 119 | - Navigate to "Management" > "Kibana" > "Index Patterns". 120 | - Create a new index pattern matching the Logstash index (e.g., `logstash-*`). 121 | 3. Explore the log data in the "Discover" tab to understand the available fields and data. 122 | 4. Create visualizations based on the log data: 123 | - Navigate to "Visualize" > "Create new visualization". 124 | - Choose a visualization type (e.g., bar chart, line graph) and configure it using the log data fields. 125 | 5. Save the visualizations and add them to a new dashboard in Kibana. 126 | 127 | **Expected Output:** 128 | - Visualizations created in Kibana, providing insights into the log data, with a dashboard displaying various visualizations. 129 | 130 | By completing these exercises, students will gain hands-on experience in setting up and using the ELK Stack for log analysis, including installing and configuring Elasticsearch, Logstash, and Kibana, ingesting log data, and creating visualizations to analyze the data. 131 | -------------------------------------------------------------------------------- /Project-5-Analyzing Windows Sysmon Events for Security Incidents.md: -------------------------------------------------------------------------------- 1 | # Lab: Analyzing Windows Sysmon Events for Security Incidents 2 | 3 | ## Introduction 4 | 5 | In this lab, you will learn how to analyze Windows Sysmon (System Monitor) events for security incidents. Sysmon is a powerful Windows system service and device driver that logs system activity to the Windows Event Log, providing detailed information on process creations, network connections, file changes, and more. By examining these logs, you can identify suspicious activities and potential security incidents. 6 | 7 | ## Pre-requisites 8 | 9 | - Basic understanding of Windows operating system and its components. 10 | - Familiarity with basic cybersecurity concepts. 11 | - A computer running Windows 10 or later (virtual machine recommended for safety). 12 | - Internet connection to download necessary tools. 13 | 14 | ## Lab Set-up and Tools 15 | 16 | 1. **Install Sysmon**: 17 | - Download Sysmon from the [Sysinternals website](https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon). 18 | - Extract the downloaded file. 19 | 20 | 2. **Configure Sysmon**: 21 | - Download a Sysmon configuration file. You can use the official SwiftOnSecurity configuration file from [GitHub](https://github.com/SwiftOnSecurity/sysmon-config). 22 | - Open Command Prompt with administrative privileges and navigate to the directory where Sysmon was extracted. 23 | - Install Sysmon with the configuration file: 24 | ```bash 25 | sysmon -accepteula -i sysmonconfig-export.xml 26 | ``` 27 | 28 | 3. **Tools**: 29 | - Sysmon (System Monitor) 30 | - Event Viewer (built-in Windows tool) 31 | - PowerShell (built-in Windows tool) 32 | 33 | ## Exercises 34 | 35 | ### Exercise 1: Verify Sysmon Installation and Configuration 36 | 37 | 1. **Objective**: Ensure that Sysmon is installed and configured correctly. 38 | 39 | 2. **Steps**: 40 | - Open Event Viewer by searching for it in the Start menu. 41 | - Navigate to `Applications and Services Logs -> Microsoft -> Windows -> Sysmon`. 42 | - Check for recent events to confirm that Sysmon is logging events. 43 | 44 | 3. **Expected Output**: 45 | - You should see a series of Sysmon events in the Event Viewer, indicating that Sysmon is actively monitoring the system. 46 | 47 | ### Exercise 2: Analyze Process Creation Events 48 | 49 | 1. **Objective**: Identify suspicious process creation events. 50 | 51 | 2. **Steps**: 52 | - Open Event Viewer and navigate to `Applications and Services Logs -> Microsoft -> Windows -> Sysmon -> Operational`. 53 | - Look for events with `Event ID 1` which indicate process creation. 54 | - Examine the details of the events, paying close attention to: 55 | - Parent process name 56 | - Process name 57 | - Command line arguments 58 | 59 | 3. **Expected Output**: 60 | - Identify any unusual or unexpected processes, such as unknown executables or processes started with suspicious command line arguments. 61 | 62 | ### Exercise 3: Monitor Network Connections 63 | 64 | 1. **Objective**: Detect suspicious network connections. 65 | 66 | 2. **Steps**: 67 | - In Event Viewer, navigate to `Applications and Services Logs -> Microsoft -> Windows -> Sysmon -> Operational`. 68 | - Look for events with `Event ID 3` which indicate network connections. 69 | - Review the details of the events, focusing on: 70 | - Source IP and port 71 | - Destination IP and port 72 | - Process responsible for the connection 73 | 74 | 3. **Expected Output**: 75 | - Identify any connections to known malicious IP addresses or unexpected external connections. 76 | 77 | ### Exercise 4: Investigate File Creation Events 78 | 79 | 1. **Objective**: Track down suspicious file creation activities. 80 | 81 | 2. **Steps**: 82 | - In Event Viewer, navigate to `Applications and Services Logs -> Microsoft -> Windows -> Sysmon -> Operational`. 83 | - Look for events with `Event ID 11` which indicate file creation. 84 | - Check the details of the events, including: 85 | - File path 86 | - File name 87 | - Process that created the file 88 | 89 | 3. **Expected Output**: 90 | - Detect any unusual file creation events, especially in sensitive directories or by untrusted processes. 91 | 92 | ### Exercise 5: Detecting Image Load Events 93 | 94 | 1. **Objective**: Identify suspicious DLL or EXE image load activities. 95 | 96 | 2. **Steps**: 97 | - In Event Viewer, navigate to `Applications and Services Logs -> Microsoft -> Windows -> Sysmon -> Operational`. 98 | - Look for events with `Event ID 7` which indicate image load. 99 | - Analyze the details of the events, including: 100 | - Image path 101 | - Process that loaded the image 102 | 103 | 3. **Expected Output**: 104 | - Uncover any unexpected or unauthorized image loads that could indicate malicious activity, such as DLL injection. 105 | 106 | ## Conclusion 107 | 108 | By completing these exercises, you should now have a basic understanding of how to use Sysmon and Event Viewer to monitor and analyze Windows events for potential security incidents. Regular monitoring and analysis of Sysmon logs can significantly enhance your ability to detect and respond to suspicious activities on Windows systems. 109 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Log-Analysis-Projects-for-Beginners 2 | 3 | Welcome to the Cybersecurity Training Projects repository! This repository contains hands-on projects designed for beginners to learn and practice essential cybersecurity skills, focusing on vulnerability management, incident response, and log analysis. 4 | 5 | ## Introduction 6 | 7 | In today's digital age, cybersecurity is a critical skill for IT professionals. These projects aim to provide a practical and comprehensive learning experience for those looking to enhance their cybersecurity knowledge and capabilities. Each project includes detailed steps, exercises, and expected outcomes to guide you through the learning process. 8 | 9 | ## Projects 10 | 11 | 1. [Basic Apache Web Server Log Analysis](https://github.com/0xrajneesh/Log-Analysis-Projects-for-Beginners/blob/main/Project-1-Apache-Web-Server-Log-Analysis.md) 12 | 2. [Introduction to Syslog Analysis on Linux Systems](https://github.com/0xrajneesh/Log-Analysis-Projects-for-Beginners/blob/main/Project-2-Syslog-Analysis-on-Linux-Systems.md) 13 | 3. [Analyzing Windows Event Logs for Security Incidents](https://github.com/0xrajneesh/Log-Analysis-Projects-for-Beginners/blob/main/Project-3-Analyzing-Windows-Event-Logs.md) 14 | 4. [Simple Log Analysis with ELK Stack (Elasticsearch, Logstash, Kibana)](https://github.com/0xrajneesh/Log-Analysis-Projects-for-Beginners/blob/main/Project-4-Simple-Log-Analysis-with-ELK-Stack.md) 15 | 5. [Fundamentals of Using Windows Sysinternals Tools for Incident Response](https://github.com/0xrajneesh/Log-Analysis-Projects-for-Beginners/blob/main/Project-5-Windows-Sysinternals-Tools-for-Incident-Response.md) 16 | 17 | ## Getting Started 18 | 19 | To get started with these projects, follow these steps: 20 | 21 | 1. Clone the repository to your local machine: 22 | ```bash 23 | git clone https://github.com/0xrajneesh/Log-Analysis-Projects-for-Beginners.git 24 | cd Log-Analysis-Projects-for-Beginners 25 | ``` 26 | 27 | 2. Navigate to the project you want to work on and follow the instructions provided in the respective project files 28 | 29 | 3. Ensure you meet the pre-requisites and have the necessary tools and setup as described in each project. 30 | 31 | ## About Me 32 | 33 | I am a cybersecurity trainer with a passion for teaching and helping others learn essential cybersecurity skills through practical, hands-on projects. Connect with me on social media for more updates and resources: 34 | 35 | [![YouTube](https://img.icons8.com/fluent/48/000000/youtube-play.png)](https://www.youtube.com/@rajneeshcyber 36 | [![LinkedIn](https://img.icons8.com/fluent/48/000000/linkedin.png)](https://www.linkedin.com/in/rajneeshcyber) 37 | [![Twitter](https://img.icons8.com/fluent/48/000000/twitter.png)](https://twitter.com/rajneeshcyber) 38 | 39 | Feel free to reach out with any questions or feedback. Happy learning! 40 | 41 | ## License 42 | 43 | This repository is licensed under the MIT License. See the [LICENSE](LICENSE) file for more details. 44 | --------------------------------------------------------------------------------