A systems administrator has set up third-party log aggregation agents across several cloud instances. The systems administrator wants to create a dashboard of failed SSH attempts and the usernames used.
Which of the following files should be watched by the agents?
A. /var/log/audit/audit.log
B. /var/log/kern.log
C. /var/log/monitor
D. /etc/rsyslog.conf
"/etc/rsyslog.conf" <- CONFIGURATION file for rsyslog service, you don't need to monitor it for new entries
"/var/log/kern.log" <- log file for KERNEL events, it doesn't monitor login attempts
"/var/log/monitor" <- I don't think it exists?
"/var/log/audit/audit.log" <- most correct answer, these are logs for audit daemon
.. files should be watched by the agents?
A log file
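
An added example, not part of the original question or comments: what an agent watching /var/log/audit/audit.log would extract for the dashboard, counting failed sshd authentication records per username and source address. The sample records are constructed, and the function names are hypothetical; the field names (`type`, `acct`, `exe`, `addr`, `res`) follow the Linux audit record format.

```python
import re
from collections import Counter

# Constructed sample records in Linux audit log format (not from a real host).
SAMPLE_AUDIT_LOG = """\
type=USER_AUTH msg=audit(1700000000.101:501): pid=2101 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/sbin/sshd" hostname=203.0.113.5 addr=203.0.113.5 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1700000003.220:502): pid=2101 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/sbin/sshd" hostname=203.0.113.5 addr=203.0.113.5 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1700000010.004:503): pid=2140 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct=28696E76616C6964207573657229 exe="/usr/sbin/sshd" hostname=? addr=198.51.100.7 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1700000020.050:504): pid=2155 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=pam_unix acct="deploy" exe="/usr/sbin/sshd" hostname=192.0.2.10 addr=192.0.2.10 terminal=ssh res=success'
type=USER_AUTH msg=audit(1700000030.900:505): pid=2200 uid=1000 auid=1000 ses=3 msg='op=PAM:authentication grantors=? acct="alice" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=failed'
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value or key="value"
INNER_RE = re.compile(r"msg='(.*)'\s*$")          # the quoted inner message
HEX_RE = re.compile(r"(?:[0-9A-Fa-f]{2})+")


def decode_value(raw):
    """Return a field value as text. auditd quotes plain strings and writes
    values containing spaces or special characters as unquoted hex."""
    if raw.startswith('"'):
        return raw.strip('"')
    if HEX_RE.fullmatch(raw):
        return bytes.fromhex(raw).decode("utf-8", "replace")
    return raw


def failed_ssh_attempts(lines, types=("USER_AUTH", "USER_LOGIN")):
    """Count failed sshd records per (username, source address).
    Counts are per audit record; a host may log more than one per attempt."""
    counts = Counter()
    for line in lines:
        rec_type = line.split(" ", 1)[0].partition("=")[2]
        inner = INNER_RE.search(line)
        if rec_type not in types or not inner:
            continue
        fields = dict(FIELD_RE.findall(inner.group(1)))
        exe = decode_value(fields.get("exe", ""))
        if not exe.endswith("/sshd") or fields.get("res") != "failed":
            continue  # skip sudo, su, console logins and successful logins
        user = decode_value(fields.get("acct", "?"))
        counts[(user, fields.get("addr", "?"))] += 1
    return counts


if __name__ == "__main__":
    for (user, addr), n in failed_ssh_attempts(SAMPLE_AUDIT_LOG.splitlines()).most_common():
        print(f"{n:3d}  {user:<16} {addr}")
```

The third sample record shows why the `acct` value needs decoding before it reaches a dashboard: the hex string is the text `(invalid user)`.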