← Rules Catalog
lowlogging
logging-rsyslog-remoteForward logs to a remote log host
System logs must be forwarded to a central log host so audit records survive compromise of the originating system.
loggingrsyslogforwarding
Frameworks satisfied
- NIST 800-53
- AU-4AU-9
- CIS Benchmark
- 4.2.1.5
Platforms
rhel 8+rhel 9+ubuntu 22+
Check
rsyslog_forwarding_configured
Remediation
rsyslog_config_setpersisted to /etc/rsyslog.d/50-hanalyx-forward.conf