Assessment $2-$ Exercise $4$ Security Auditing $-$ Logging

Demonstrate your understanding of logging and auditing:

a$.$ Briefly discuss and contrast the similar and different approaches to security logging in Windows and in Linux.

Note: Your discussion should be brief and focus on the process of logging$,$ log files, and relevant logging tools. I will expect to see a mention of at least some of the tools $($e$.$g$.,$ Event Viewer, rsyslog, rsyslog.conf, $/$var$/$log etc.$)$ used and discussion about log types, classification of logs$,$ centralized logging vs distributed logging$,$ etc.

b$.$ On a Linux VM$,$ create a log file in $/$var$/$log with your J number $($e$.$g$.,$ J$12345.$log$)$ that collects all security related logs$.$ Set logrotate to rotate all logs$,$ including the new log$,$ every hour. Compress the rotated new log$,$ change its permission to $0700$ and email it to yourself. Document and discuss the process you have taken using some screenshots.