{"description": "The syslog service has been the default Unix logging mechanism for\nmany years. It has a number of downsides, including inconsistent log format,\nlack of authentication for received messages, and lack of authentication,\nencryption, or reliable transport for messages sent over a network. However,\ndue to its long history, syslog is a de facto standard which is supported by\nalmost all Unix applications.\n<br />\n<br />\nIn Ubuntu 22.04, rsyslog has replaced ksyslogd as the\nsyslog daemon of choice, and it includes some additional security features\nsuch as reliable, connection-oriented (i.e. TCP) transmission of logs, the\noption to log to database formats, and the encryption of log data en route to\na central logging server.\nThis section discusses how to configure rsyslog for\nbest effect, and how to use tools provided with the system to maintain and\nmonitor logs.", "warnings": [], "requires": [], "conflicts": [], "values": {}, "groups": ["configure_logwatch_on_logserver", "ensure_rsyslog_log_file_configuration", "journald", "log_rotation", "rsyslog_accepting_remote_messages", "rsyslog_sending_messages"], "rules": ["disable_logwatch_for_logserver", "ensure_journald_and_rsyslog_not_active_together", "ensure_rtc_utc_configuration", "logging_services_active", "package_rsyslog-gnutls_installed", "package_rsyslog_installed", "rsyslog_filecreatemode", "service_rsyslog_enabled"], "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "inherited_platforms": [], "cpe_platform_names": ["system_with_kernel"], "title": "Configure Syslog", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/logging/group.yml"}