The rsyslog utility supports the ability to send logs it gathers to a remote log host running syslogd(8) or to receive messages from remote hosts, reducing administrative overhead.
Rationale:
Storing log data on a remote host protects log integrity from local attacks. If an attacker gains root access on the local system, they could tamper with or remove log data that is stored on the local system
Fix:
Edit the /etc/rsyslog.conf file and add the following line (where logfile.example.com is the name of your central log host).
*.* @@loghost.example.com
# Execute the following command to restart rsyslogd
# pkill -HUP rsyslogd
Note: The double at sign (@@) directs rsyslog to use TCP to send log messages to the server, which is a more reliable transport mechanism than the default UDP protocol.
[remote log host name]
Edit the /etc/rsyslog.conf file and add the following line (where logfile.example.com is the name of your central log host).
*.* @@loghost.example.com
# Execute the following command to restart rsyslogd
# pkill -HUP rsyslogd
Note: The double at sign (@@) directs rsyslog to use TCP to send log messages to the server, which is a more reliable transport mechanism than the default UDP protocol.
oval:org.secpod.oval:def:92371
oval:org.secpod.oval:def:87276
oval:org.secpod.oval:def:65917
oval:org.secpod.oval:def:85084
SCAP Repo OVAL Definition
2023-08-23