CCE-94237-5Platform: cpe:/o:oracle:linux:8, cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:enterprise_linux:9 | Date: (C)2019-11-07 (M)2023-07-04 |
To configure rsyslog to send logs to a remote log server,
open '/etc/rsyslog.conf' and read and understand the last section of the file,
which describes the multiple directives necessary to activate remote
logging.
Along with these other directives, the system can be configured
to forward its logs to a particular log server by
adding or correcting one of the following lines,
substituting 'loghost.example.com' appropriately.
The choice of protocol depends on the environment of the system;
although TCP and RELP provide more reliable message delivery,
they may not be supported in all environments.
To use UDP for log message delivery:
'*.* @loghost.example.com'
To use TCP for log message delivery:
'*.* @@loghost.example.com'
To use RELP for log message delivery:
'*.* :omrelp:loghost.example.com'
Parameter:
[log_host_1]
Technical Mechanism:
A log server (loghost) receives syslog messages from one or more
systems. This data can be used as an additional log source in the event
Asystem is compromised and its local logs are suspect. Forwarding log messages
to a remote loghost also provides system administrators with a centralized
place to view the status of multiple hosts within the enterprise.
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.3 | Attack Vector: NETWORK |
Exploit Score: 3.9 | Attack Complexity: LOW |
Impact Score: 3.4 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: LOW |
| Availability: LOW |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:55679 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:84014 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72139 |