# Day 17

#### Task 23 — Log analysis Day 17: He analyzed and analyzed till his analyzer was sore!

**1. Extract all the events from the cctv\_feed logs. How many logs were captured associated with the successful login?**

Use the command below to search for logs related to successful logins: `index=cctv_feed *success*`

```text
Ans: 642
```

**2. What is the Session\_id associated with the attacker who deleted the recording?**

Use this command to get the session\_id of the user who deleted the recording: `index=cctv_feed *delete*`

```text
Ans: rij5uu4gt204q0d3eb7jj86okt
```

**3. What is the name of the attacker found in the logs, who deleted the CCTV footage?**

Search query to get the name of the attacker: `index=cctv_feed *malware*`

```text
Ans: mmalware
```

