Examine this segment of /etc/rsyslog.conf:

# Log all kernel messages to the console.

# Logging much else clutters up the screen.

#kern.* /dev/console

# Log anything (except mail) of level info or higher.

# Don’t log private authentication messages!

*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.

authpriv.* /var/log/secure

# Log all the mail messages in one place.

mail.* -/var/log/maillog

# Log cron stuff

cron.* /var/log/cron

# Everybody gets emergency messages

*.emerg :omusrmsg:*

Now examine this log output:

less

Nov 9 20:32:16 server02 sudo[4570]: pam_unix(sudo:session): session opened for user opc (uid=0)

Nov 9 20:32:17 server02 sudo[4570]: pam_unix(sudo:session): session closed

Nov 9 20:32:24 server02 unix_chkpwd[4661]: password check failed for user

Nov 9 20:32:24 server02 su[4581]: pam_unix(su:auth): authentication failed; logname= uid=1000 euid=0 tty=pts/0 ruser=opc rhost= user=root

Which setting enabled the reporting of this log file output?