Certified SOC Analyst (CSA) — Question 44
Which of the following commands is used to view iptables logs on Ubuntu and Debian distributions?
Answer options
- A. $ tailf /var/log/sys/kern.log
- B. $ tailf /var/log/kern.log
- C. # tailf /var/log/messages
- D. # tailf /var/log/sys/messages
Correct answer: B
Explanation
The correct answer is B, as the command '$ tailf /var/log/kern.log' is specifically used to view kernel logs, which include iptables logs on Ubuntu and Debian systems. Option A refers to a different log path that may not exist on all systems, while options C and D point to the messages log, which does not contain iptables logs by default.