Which statement correctly describes this rule?

Examine the line from /etc/rsyslog.conf:
Mail.*-/var/log/maillog
Which statement correctly describes this rule?

A.
The rule name prefix of “-” is tolerated for syslog and syslog.sys compatibility with no impact on
rsyslog behavior regardless of the global directive settings.

B.
The file name prefix of “-” is a way of disabling mail log messages under certain conditions to
/var/log/maillog.

C.
The filename prefix of “-” is a performance enhancement. It stops file syncing on every
message. The log content will be the same whether a minus prefix is used or not.

D.
The file name prefix of “-” forces file syncing after every message is logged to ensure each
message is written to disk before attempting to write a subsequent message to the same file.

Explanation:
* # Log all the mail messages in one place.
    mail.* -/var/log/maillog
* Example:
To select all kernel syslog messages with any priority, add the following text into the configuration
file:
    kern.*
* Example 2:
The following rule consists of a selector that selects all cron syslog messages and an action
that saves them into the /var/log/cron.log log file:
    cron.* /var/log/cron.log
Note:
* For those files that are controlled by the system logging daemon rsyslogd, the main configuration
file is /etc/rsyslog.conf, which contains global directives, module directives, and rules.
* The main configuration file for rsyslog is /etc/rsyslog.conf. Here, you can specify global
directives, modules, and rules that consist of filter and action parts.
* The most used and well-known way to filter syslog messages is to use the facility/priority-based
filters, which filter syslog messages based on two conditions: facility and priority, separated by a
dot. To create a selector, use the following syntax:
    FACILITY.PRIORITY
where:
    FACILITY specifies the subsystem that produces a specific syslog message.
    PRIORITY specifies a priority of a syslog message.
You may also use an asterisk (*) to define all facilities or priorities (depending on where you place
the asterisk, before or after the dot).
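
Added example (not part of the original explanation): a small Python audit that parses selector/action rules of the form shown above and reports which log files are written with the "-" prefix. The sample configuration, the host name loghost.example and the function names are constructed for illustration; only the legacy selector/action syntax is handled.

```python
import re

# Constructed sample in the selector/action syntax shown above (not a real host's file).
SAMPLE_CONF = """\
# Log all the mail messages in one place.
mail.*                          -/var/log/maillog
cron.*                          /var/log/cron.log
*.info;mail.none;authpriv.none  -/var/log/messages
kern.*                          @loghost.example
"""

RULE = re.compile(r"^(?P<selector>\S+)\s+(?P<action>\S.*)$")


def parse_selector(selector):
    """Split 'fac1,fac2.prio;fac3.prio' into (facility, priority) pairs."""
    pairs = []
    for part in selector.split(";"):
        facilities, _, priority = part.partition(".")
        pairs.extend((fac, priority) for fac in facilities.split(","))
    return pairs


def audit(conf_text):
    """Return one finding per rule that writes to a file, noting the '-' prefix."""
    findings = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#$":      # comments and $-directives are not rules
            continue
        m = RULE.match(line)
        if not m or "." not in m["selector"]:
            continue
        action = m["action"]
        sync_omitted = action.startswith("-")
        path = action[1:] if sync_omitted else action
        if not path.startswith("/"):         # remote host, user list, pipe, ...
            continue
        findings.append({"selectors": parse_selector(m["selector"]),
                         "path": path, "sync_omitted": sync_omitted})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONF):
        mode = "no sync after each message" if f["sync_omitted"] else "no '-' prefix"
        print(f"{f['path']:<20} {mode:<28} {f['selectors']}")
```
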




Djuro

C is correct

“You may prefix each entry with the minus ‘‘-’’ sign to omit syncing the
file after every logging. Note that you might lose information if the
system crashes right behind a write attempt. Nevertheless this might
give you back some performance, especially if you run programs that use
logging in a very verbose manner.”