
GCFA Question #298: Real Exam Question with Answer & Explanation

The correct answer is A. kern.* @192.168.0.1.

Question

John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He wants to forward all the kernel messages to the remote host having IP address 192.168.0.1. Which of the following changes will he perform in the syslog.conf file to accomplish the task?

Options

  • A. kern.* @192.168.0.1
  • B. !*.* @192.168.0.1
  • C. *.* @192.168.0.1
  • D. !kern.* @192.168.0.1

Explanation

In syslog.conf, entries follow the format 'facility.priority action'. The 'kern' facility refers specifically to the Linux kernel. The wildcard '*' after the dot means all severity/priority levels (emergency, alert, critical, error, warning, notice, info, debug). The '@' symbol followed by an IP address is the syslog directive to forward log messages to a remote syslog server over UDP. Therefore, 'kern.* @192.168.0.1' correctly forwards all kernel messages to the host at 192.168.0.1. Option C ('*.* @192.168.0.1') would forward ALL messages from ALL facilities - not just kernel. Options B and D use the '!' (negation) prefix, which would exclude the specified facility rather than selecting it, making them semantically incorrect for this task.
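
The 'facility.priority action' format can be checked mechanically when reviewing a host's forwarding rules. The following is an added example, not part of the original page: a small Python evaluator for sysklogd-style selectors that reports whether a rule sends all kernel messages, and only those, to the collector. It goes beyond the question by also handling '=', '!' on the priority, 'none' and ';'-joined selectors; the function names, the constructed comparison rules and the /var/log/kern.log path are assumptions.

```python
# Added example: evaluates sysklogd-style "facility.priority action" rules.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]
ALL_KERN = {("kern", s) for s in SEVERITIES}

def selected(line):
    """Return (set of (facility, severity) pairs the rule selects, remote host or None)."""
    selector_field, action = line.split(None, 1)
    pairs = set()
    for sel in selector_field.split(";"):       # later selectors refine earlier ones
        fac_part, _, prio = sel.partition(".")
        facs = FACILITIES if fac_part == "*" else fac_part.split(",")
        negate = prio.startswith("!")           # '!' on the priority removes matches
        prio = prio.lstrip("!")
        exact = prio.startswith("=")            # '=' means this priority only
        prio = prio.lstrip("=")
        if prio == "none":                      # drop the facility entirely
            sevs, negate = SEVERITIES, True
        elif prio == "*":
            sevs = SEVERITIES
        elif prio in SEVERITIES:                # plain keyword: that level and more severe
            sevs = [prio] if exact else SEVERITIES[:SEVERITIES.index(prio) + 1]
        else:
            raise ValueError(f"unknown priority in selector {sel!r}")
        if any(f not in FACILITIES for f in facs):
            raise ValueError(f"unknown facility in selector {sel!r}")
        hit = {(f, s) for f in facs for s in sevs}
        pairs = pairs - hit if negate else pairs | hit
    host = action.strip()[1:] if action.startswith("@") else None
    return pairs, host

def audit(line, collector="192.168.0.1"):
    """Classify a rule against the goal: all kernel messages, and only those, to collector."""
    pairs, host = selected(line)
    if host != collector:
        return "not forwarded to collector"
    if pairs == ALL_KERN:
        return "exact"
    return "too broad" if ALL_KERN < pairs else "incomplete"

# Options A and C from the question, plus constructed rules for comparison.
RULES = ["kern.* @192.168.0.1", "*.* @192.168.0.1", "kern.crit @192.168.0.1",
         "*.*;kern.none @192.168.0.1", "kern.* /var/log/kern.log"]

if __name__ == "__main__":
    for rule in RULES:
        print(f"{rule:32} -> {audit(rule)}")
```
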
