Details
In addition to local logging, remote logging can be enabled for internal computers on trusted networks. Local logs can be altered if the computer is compromised. Remote logging mitigates the risk of having the logs altered.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Perform the following to implement the prescribed state:
Run the following command in Terminal:
sudo pico /etc/syslog.conf
Add the following line to the top of the file, replacing ‘your.log.server’ with the name or IP address of the log server, and keeping all other lines intact. *.* @your.log.server
Exit, saving changes.
Reboot the system.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.