Not able to run the linux script on basic log analysis

Another username was observed authenticating from the same IP address as one of those associated with the “william.johnson”?

Please, any help will be appreciated.

Hi @Isioma_Otuya973 what command have you used?

Thank you so much for getting back to me.
So I ran this code in brackets (wc -l challenge.log.1), which is supposed to give me the count of lines contained in the challenge.log.1 file. It gives me 387, but it keeps saying the answer is wrong.

So I’m able to run (egrep "william.johnson" challenge.log.1) to get "How many different IP addresses can be found in login records that contain the username “william.johnson”?", which is 4.

So the challenge is which code to use to get the question below:
Another username was observed authenticating from the same IP address as one of those associated with the “william.johnson”?
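
An added example, not part of the original thread or the lab's material: one way to approach this kind of question is to pivot from the username to its source IPs, then to every other username seen on those IPs. The log lines are constructed, their sshd-style layout ("for USER from IP") is an assumption about the format, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample data; the real challenge.log.1 layout may differ.
write_sample_log() {
cat > "$1" <<'EOF'
Jan 10 09:01:12 srv1 sshd[101]: Accepted password for william.johnson from 10.0.0.5 port 50211 ssh2
Jan 10 09:03:40 srv1 sshd[102]: Failed password for william.johnson from 10.0.0.7 port 50212 ssh2
Jan 10 09:05:02 srv1 sshd[103]: Accepted password for william.johnson from 10.0.0.9 port 50213 ssh2
Jan 10 09:06:30 srv1 sshd[104]: Accepted password for sarah.lee from 10.0.0.7 port 50214 ssh2
Jan 10 09:07:11 srv1 sshd[105]: Accepted password for williamxjohnson from 10.0.0.8 port 50215 ssh2
Jan 10 09:08:45 srv1 sshd[106]: Accepted password for mark.diaz from 10.0.0.20 port 50216 ssh2
Jan 10 09:09:00 srv1 sshd[107]: Accepted password for william.johnson from 10.0.0.5 port 50217 ssh2
EOF
}

# Distinct source IPs for one user. The username is compared as an exact
# string: in a regex such as egrep "william.johnson" the dot matches any
# character, so "williamxjohnson" would be counted too.
ips_for_user() {
  awk -v target="$1" '
    { for (i = 2; i < NF; i++)
        if ($i == "from" && $(i-1) == target) print $(i+1) }
  ' "$2" | sort -u
}

# Other usernames seen on any IP the target user logged in from.
# The file is read twice: pass 1 collects the target IPs, pass 2 reports
# every different user on one of those IPs as "IP USER".
shared_ip_users() {
  awk -v target="$1" '
    function parse(   i) {
      for (i = 2; i < NF; i++)
        if ($i == "from") { user = $(i-1); ip = $(i+1); return 1 }
      return 0
    }
    NR == FNR { if (parse() && user == target) seen[ip] = 1; next }
    parse() && user != target && (ip in seen) { print ip, user }
  ' "$2" "$2" | sort -u
}

log=$(mktemp)
write_sample_log "$log"
echo "IPs for william.johnson:";  ips_for_user william.johnson "$log"
echo "Other users on those IPs:"; shared_ip_users william.johnson "$log"
rm -f "$log"
```
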


I checked using both wc and vi and the answer is 387. For some reason 388 was in the answer key. I have changed it to 387.

That is really disappointing, because I have been stuck on this for about two days now and can’t move forward. Now that brings me to the fear of continuing in case I run into this issue again. I suggest to please have the back end correct all answers to avoid speed and delay/discouragement… Thanks.

Mistakes happen, sadly. Thanks for surfacing this.

Yeah, you’re right…
Please, I’m facing another challenge on SIEM Basics.

Question: What was the total number of login attempts for a non-existent user?
Answer: When I run this query (full_log:"non-existing user")
it gives: "There is no result for the selected time range, try another one." And it’s stuck there and not even going back to the main dashboard, so I can’t even do anything until I run the right rule… Please, I need help to guide me. Thanks.

That phrasing, “non-existent user”, is not found in the full log, but it is found in the rule.description. I did just check that the answers for the challenge are correct, so you have no worry there.

Thank you. I also have an issue on the guided exercise for this: (full_log:"Failed password for root" AND rule.description:"sshd: authentication failed.") always gives me an error. Also, relating to the challenge part, when I try to run the lab it’s giving me status 400 back to back… I have signed out and refreshed, but it keeps saying status code 400… This is another lab that is doing the same thing, the lab on using SIEM to Read Analysis. How do I resolve this, please? I’m getting frustrated.