A systems administrator has set up third-party log aggregation agents across several cloud instances.
The systems administrator wants to create a dashboard of failed SSH attempts and the usernames used.
Which of the following files should be watched by the agents?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
The correct answer is A. /var/log/audit/audit.log.
Explanation:
The /var/log/audit/audit.log file contains system audit messages that record system events, including both successful and failed login attempts. It can be used to track failed SSH login attempts and the usernames used.
Option B. /var/log/kern.log is a system log file that records kernel events, including hardware and software errors, kernel messages, and other system-level events. This file is not related to SSH login attempts and usernames used.
Option C. /var/log/monitor is not a standard log file on Linux systems. It is likely a custom log file created by the systems administrator or a third-party application. Without more information, it is impossible to determine if this log file is relevant to SSH login attempts and usernames used.
Option D. /etc/rsyslog.conf is a configuration file for the rsyslog daemon, which is responsible for receiving and forwarding system log messages. It does not contain log data itself and is not related to SSH login attempts and usernames used.
Therefore, the correct file that should be watched by the agents is A. /var/log/audit/audit.log.