Guide to the Secure Configuration of Debian 10
Ensure Logs Sent To Remote Host
An XCCDF Rule
Medium Severity
To configure rsyslog to send logs to a remote log server, open /etc/rsyslog.conf and read and understand the last section of the file, which describes the multiple directives necessary to activate remote logging. Along with these other directives, the system can be configured to forward its logs to a particular log server by adding or correcting one of the following lines, substituting
appropriately. The choice of protocol depends on the environment of the system; although TCP and RELP provide more reliable message delivery, they may not be supported in all environments.
To use UDP for log message delivery:
*.* @
To use TCP for log message delivery:
*.* @@
To use RELP for log message delivery:
*.* :omrelp:
There must be a resolvable DNS CNAME or Alias record set to "
" for logs to be sent correctly to the centralized logging utility.
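One way to audit a configuration for the three forwarding forms described above, as an added example that is not part of the XCCDF rule content. It covers only the legacy selector/action syntax shown on this page; the function names, the sample configuration and the host loghost.example.com are constructed for illustration.

```python
import re

# Legacy selector/action forwarding lines as shown above:
#   @host = UDP, @@host = TCP, :omrelp:host = RELP; optional (options) and :port.
_FORWARD = re.compile(
    r"^(?P<selector>\S+)\s+(?P<proto>@@|@|:omrelp:)"
    r"(?:\([^)]*\))?"
    r"(?P<host>\[[0-9A-Fa-f:]+\]|[A-Za-z0-9._-]+)?"
    r"(?::(?P<port>\d+))?$"
)
_PROTO = {"@": "udp", "@@": "tcp", ":omrelp:": "relp"}

# Constructed sample configuration; loghost.example.com is a placeholder host.
SAMPLE = """\
# /etc/rsyslog.conf (constructed sample)
auth,authpriv.*   /var/log/auth.log
*.* @                                # forwarding line left without a target
*.* @@loghost.example.com:514
mail.* :omrelp:loghost.example.com:2514
#*.* @commented-out.example.com
"""

def forwarding_rules(conf_text):
    """Return every legacy-format forwarding action found in conf_text."""
    rules = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        m = _FORWARD.match(line)
        if m:
            rules.append({
                "line": lineno,
                "selector": m["selector"],
                "protocol": _PROTO[m["proto"]],
                "host": m["host"],            # None when the target is missing
                "port": int(m["port"]) if m["port"] else None,
            })
    return rules

def audit(conf_text):
    """Pass only if some *.* rule forwards to a named host; list broken lines."""
    rules = forwarding_rules(conf_text)
    ok = any(r["selector"] == "*.*" and r["host"] for r in rules)
    missing_target = [r["line"] for r in rules if not r["host"]]
    return ok, missing_target

if __name__ == "__main__":
    for rule in forwarding_rules(SAMPLE):
        print(rule)
    print(audit(SAMPLE))
```

A forwarding line with no host after the `@`, `@@` or `:omrelp:` prefix is reported by line number instead of being counted as compliant, and a commented-out line is ignored.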