23 thoughts on “Which type of log is this an example of?”
Syslog has the following fields in an NMS: Source, Message, Hostname, Timestamp (Device), Severity, Tag, Facility, App Name, Proc Id, Msg Id…. Syslog ONLY has destination information in the “Message”; there is no field used for that. If Syslog had the “Dest.” it would always be the same (Syslog server IP). So it's: D (IDS log)
Cross-checking with some other dumps, and it is IDS.
Please help with new questions if you have any; I will be taking my exam very soon. Thanks
Today I took the test; 95% of the questions are new. Only 3 or 4 questions were from VCE.
Do you remember some of the new questions?
Hi Janooo,
What dumps did you use? Could you please share it to me? I will be taking the exam on Wednesday.
thanks,
Hi Janooo
Kindly share your dumps with me (glori4specials(at)gmail.com)….. please. I had to spell out the @ so it would be visible.
Thanks
D: sure
IDS logs include severity as well.
https://www.first.org/resources/papers/conference2007/nystrom-martin-slides.pdf
Pages 12 and 26 show Cisco IDS logs that include both Sev and Sig.
Other sources say that it is “D” and I agree with CiscoKid.
You also see the 5-tuple in IPS events, NetFlow records, and
other event data. In fact, on the exam you may need to differentiate
between a firewall log versus a traditional IPS or IDS event. One
of the things to remember is that traditional IDS and IPS use
signatures, so an easy way to differentiate is by looking for a
signature ID (SigID). If you see a signature ID, then most
definitely the event is a traditional IPS or IDS event.
I copied this from chapter 9 in the Cisco Cyber Ops SECOPS Cert guide book.
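As an added, illustrative example (not from the SECOPS cert guide or from any commenter in this thread), here is a small Python classifier that applies the heuristic quoted above in order: a signature ID marks an IDS/IPS event, a 5-tuple plus an action marks a firewall log, a 5-tuple plus packet/byte counters marks a NetFlow record, and a syslog PRI header (facility/severity) on its own marks plain syslog. The key=value field names and the four sample lines are constructed assumptions, not real device output; note that the IDS sample carries a severity value too, so checking for the SigID first is what makes the classification work.

```python
import re

# Constructed sample events, one per log type discussed in the thread.
# These are illustrative and are not copied from any real device.
SAMPLES = {
    "ids": 'Mar 10 12:01:05 sensor1 sigid=2003 severity=high proto=tcp '
           'src=10.0.0.5 sport=44123 dst=192.0.2.8 dport=80 msg="WEB-ATTACK example"',
    "firewall": 'Mar 10 12:01:06 fw1 action=deny proto=udp '
                'src=10.0.0.7 sport=51000 dst=198.51.100.3 dport=53',
    "netflow": 'start=1710072066 proto=tcp src=10.0.0.9 sport=38000 '
               'dst=203.0.113.4 dport=443 packets=12 bytes=4096',
    "syslog": '<34>Mar 10 12:01:07 host1 sshd[1234]: Failed password for invalid user admin',
}

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')          # key=value or key="quoted value"
PRI_RE = re.compile(r'^<(\d{1,3})>')                  # RFC 3164/5424 PRI header
SIGID_RE = re.compile(r'\bsig(?:nature)?[_ -]?id\b', re.IGNORECASE)
FIVE_TUPLE = {"src", "sport", "dst", "dport", "proto"}
FW_ACTIONS = {"permit", "deny", "allow", "drop", "block", "built", "teardown"}


def parse_kv(line):
    """Extract key=value pairs; keys lower-cased, surrounding quotes stripped."""
    return {k.lower(): v.strip('"') for k, v in KV_RE.findall(line)}


def syslog_pri(line):
    """Return (facility, severity) decoded from the PRI header, or None."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:            # 23 facilities * 8 severities - 1
        return None
    return pri // 8, pri % 8


def classify(line):
    """Apply the thread's elimination order: SigID, then 5-tuple, then PRI."""
    fields = parse_kv(line)
    if SIGID_RE.search(line):
        return "ids"                       # signature ID => IDS/IPS event
    if FIVE_TUPLE.issubset(fields):
        if fields.get("action", "").lower() in FW_ACTIONS:
            return "firewall"              # 5-tuple + verdict => firewall log
        if any(k in fields for k in ("packets", "bytes")):
            return "netflow"               # 5-tuple + counters => flow record
        return "firewall"                  # 5-tuple alone: assume firewall
    if syslog_pri(line) is not None:
        return "syslog"                    # only facility/severity => plain syslog
    return "unknown"


if __name__ == "__main__":
    for kind, line in SAMPLES.items():
        print(f"{kind:9s} -> {classify(line)}  pri={syslog_pri(line)}")
```

The severity in the IDS sample is never consulted, which mirrors the point that severity alone does not separate IDS events from syslog; the SigID check comes first, and only lines that fail every stronger test fall through to the PRI-header rule.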
That is correct, but it is valid when we compare IPS/IDS logs with firewall logs. In this specific case I think that we see a syslog log, because of the severity tab.
It contains a SigID and is IDS/IPS.
Thank you, because the answer is definitely D…. I am looking at it that someone may actually say the answer is Netflow Log because of some of the components of the 5-tuple that Netflow supports and the like… some can say the severity; all they say is true, but everything changes when the SigID comes into play… you cannot have a Syslog with a SigID or a Netflow with a SigID, which leaves us with the best answer, D…
#ExamTip…… when you come across such questions it's important you use the art of ELIMINATION….
Thanks!!!
A. Syslog, because of the Severity
The answer may be D; check the link:
http://ipcop.org/1.4.0/en/admin/html/logs.html
It's syslog, because of the severity level, and for an IDS log it has to be a Snort ID, not a Sig ID.
IDS log, option D. Just because of SigID.
A – syslog
IDS log
A. Syslog
Syslogs include levels of severity (à la traps)
https://www.cisco.com/c/en/us/td/docs/security/security_management/cisco_security_manager/security_manager/4-1/user/guide/CSMUserGuide_wrapper/rtlogng.pdf
D. IDS log
Hasan, do you have extra material for SECOPS? Share via email.