Log Analysis Challenge 2 - Blocks

Accuracy: 100%

Prompt

Cyber Command: We have managed to run into some odd logs. Can you figure out what is going on in them?


Answers

Q1 (5 pts) - What application generated these logs?
Minecraft

Q2 (5 pts) - What game version was the server running?
1.16.3

Q3 (10 pts) - How many unique players joined the server?
4

Q4 (15 pts) - How many times did boneappletea die?
11

Q5 (5 pts) - Who was the player that killed boneappletea?
gardensnek

Q6 (15 pts) - How many chat messages are sent while the server is up?
19

Q7 (20 pts) - Which player got the most advancements?
gardensnek

Q8 (10 pts) - How many advancements did said player get?
12

Q9 (10 pts) - Who was kicked from the server first?
boneappletea

Q10 (5 pts) - Why was said player kicked from the game?
Flying is not enabled on this server

Q11 (10 pts) - What was the error that caused the server to crash?
java.io.IOException


Steps I Took

The first thing I did was insert the log file into Copilot. During a gym exercise, I did this for a log, and it actually worked really well. I was unable to get Excel/LibreOffice to install on my Kali VM for whatever reason. I then had Copilot generate commands to verify the answers before submitting.

Q1 — Application

grep -m1 -i "Starting minecraft server" latest.log

Q2 — Version

grep -oP 'Starting minecraft server version \K.*' latest.log | head -1

Q3 — Unique players who joined

grep 'joined the game' latest.log | awk '{print $4}' | sort -u | wc -l

Q4 — How many times boneappletea died

grep 'boneappletea ' latest.log | grep -E 'was slain by|was shot by|drowned|was blown up by' | wc -l   # only the death messages seen in this log; vanilla has more (fell from a high place, burned to death, ...)

Q5 — Who killed boneappletea

grep 'boneappletea was slain by' latest.log | awk -F' by ' '{print $2}' | sort | uniq -c

Answer: gardensnek

Q6 — Chat messages sent while server is up

grep -c '\[Server thread/INFO\]: <' latest.log

Q7 & Q8 — Player with most advancements and how many

grep 'has made the advancement' latest.log | awk '{print $4}' | sort | uniq -c | sort -nr | head -1

Then confirm count:

grep -c 'gardensnek has made the advancement' latest.log

Answer: gardensnek with 12 advancements

Q9 — First player kicked

grep 'was kicked' latest.log | head -1 | awk '{print $4}'

Q10 — Why they were kicked

grep 'lost connection:' latest.log | grep 'Flying is not enabled' | head -1

Q11 — Crash error

grep -A1 'Exception handling console input' latest.log   # -A1: the exception class is on the line after the warning

Answer: java.io.IOException
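As an added example that is not part of this writeup, the same questions answered in one Python pass over a constructed sample log in the Minecraft server-log format. The sample lines, player names, and the "Disconnected means client quit" rule are my assumptions; the pass also handles cases the one-liners above can miss (a chat line that mentions a death word, a player who rejoins being counted once).

```python
import re
from collections import Counter

# Constructed sample in Minecraft server-log format (not the challenge's latest.log).
SAMPLE_LOG = """\
[10:00:01] [main/INFO]: Starting minecraft server version 1.16.3
[10:00:05] [Server thread/INFO]: alice joined the game
[10:00:06] [Server thread/INFO]: bob joined the game
[10:00:10] [Server thread/INFO]: <alice> bob drowned lol
[10:00:20] [Server thread/INFO]: bob was slain by alice
[10:00:25] [Server thread/INFO]: bob fell from a high place
[10:00:30] [Server thread/INFO]: alice has made the advancement [Stone Age]
[10:00:31] [Server thread/INFO]: alice has made the advancement [Getting an Upgrade]
[10:00:40] [Server thread/INFO]: bob lost connection: Flying is not enabled on this server
[10:00:50] [Server thread/INFO]: bob joined the game
[10:01:00] [Server thread/WARN]: Exception handling console input
java.io.IOException: The handle is invalid
"""
LINE = re.compile(r"^\[\d\d:\d\d:\d\d\] \[[^\]]+/(\w+)\]: (.*)$")  # [time] [thread/LEVEL]: msg
DEATH = re.compile(r"^(\w+) (was slain by|was shot by|was blown up by|was killed by|drowned|"
                   r"burned to death|fell from a high place|hit the ground too hard)(?: (\w+))?")

def analyze(log_text):
    st = {"version": None, "players": set(), "deaths": Counter(), "killers": Counter(),
          "chat": 0, "advancements": Counter(), "first_kick": None, "crash": None}
    lines = log_text.splitlines()
    for i, raw in enumerate(lines):
        m = LINE.match(raw)
        if not m:
            continue  # stack-trace continuation lines are read via lookahead below
        level, msg = m.groups()
        name = msg.split(" ", 1)[0]
        if msg.startswith("<"):  # chat "<name> text": check first so it never counts as a death
            st["chat"] += 1
        elif msg.startswith("Starting minecraft server version "):
            st["version"] = msg.rsplit(" ", 1)[1]
        elif msg.endswith(" joined the game"):
            st["players"].add(name)  # set, so a rejoining player is counted once
        elif " has made the advancement " in msg:
            st["advancements"][name] += 1
        elif " lost connection: " in msg:
            reason = msg.split(" lost connection: ", 1)[1]
            if reason != "Disconnected" and st["first_kick"] is None:  # assumption: not a client quit
                st["first_kick"] = (name, reason)
        elif level == "WARN" and msg == "Exception handling console input" and i + 1 < len(lines):
            st["crash"] = lines[i + 1].split(":", 1)[0]  # exception class precedes the first colon
        elif (d := DEATH.match(msg)):
            st["deaths"][d.group(1)] += 1
            if d.group(3):  # killer is present only for "... by <name>" messages
                st["killers"][(d.group(1), d.group(3))] += 1
    return st
```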