{"description": "The file /etc/rsyslog.conf controls where log message are written.\nThese are controlled by lines called rules, which consist of a\nselector and an action.\nThese rules are often customized depending on the role of the system, the\nrequirements of the environment, and whatever may enable\nthe administrator to most effectively make use of log data.\nThe default rules in Ubuntu 22.04 are:\n*.info;mail.none;authpriv.none;cron.none /var/log/messages\nauthpriv.* /var/log/secure\nmail.* -/var/log/maillog\ncron.* /var/log/cron\n*.emerg *\nuucp,news.crit /var/log/spooler\nlocal7.* /var/log/boot.log
\nSee the man page rsyslog.conf(5) for more information.\nNote that the rsyslog daemon can be configured to use a timestamp format that\nsome log processing programs may not understand. If this occurs,\nedit the file /etc/rsyslog.conf and add or edit the following line:\n$ ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
", "warnings": [], "requires": [], "conflicts": [], "values": ["file_owner_logfiles_value"], "groups": {}, "rules": ["rsyslog_cron_logging", "rsyslog_encrypt_offload_actionsendstreamdriverauthmode", "rsyslog_encrypt_offload_actionsendstreamdrivermode", "rsyslog_encrypt_offload_defaultnetstreamdriver", "rsyslog_files_groupownership", "rsyslog_files_ownership", "rsyslog_files_permissions", "rsyslog_logging_configured", "rsyslog_remote_access_monitoring"], "platform": "package[rsyslog]", "platforms": ["package[rsyslog]"], "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["package_rsyslog"], "title": "Ensure Proper Configuration of Log Files", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/group.yml"}