
Ensure error logs are sent to a remote syslog server

Details

Centralized log management helps ensure logs are forensically sound and are available at a central location for auditing and incident investigation.

Rationale:

A centralized logging solution aggregates logs from multiple systems to ensure logs can be referenced in the event systems are thought to be compromised. Centralized log servers are also often used to correlate logs for potential patterns of attack. If a centralized logging solution is not used and systems (and their logs) are believed to be compromised, then logs may not be permitted to be used as evidence.

Solution

To enable central logging for your error logs, add the below line to your server block in your server configuration file. 192.168.2.1 should be replaced with the location of your central log server.

error_log syslog:server=192.168.2.1 info;
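
One way to audit a configuration for this control, as an added example that is not part of the original article or the benchmark: the script lists every active error_log directive and flags whether it targets a remote syslog server, a local syslog daemon (UNIX socket or loopback), or a local file. The sample configuration, the function names and the "remote" / "local-syslog" / "local" labels are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample configuration for the demonstration (not from the page).
SAMPLE_CONF = """
http {
    error_log /var/log/nginx/error.log warn;   # local file only
    server {
        listen 80;
        # error_log syslog:server=10.0.0.9 info;   commented out, must not count
        error_log syslog:server=192.168.2.1 info;
    }
    server {
        listen 8080;
        error_log syslog:server=unix:/dev/log,tag=nginx error;
        error_log syslog:server=127.0.0.1:514;
    }
}
"""

# An error_log directive at the start of a line or right after ';', '{' or '}'.
DIRECTIVE = re.compile(r"(?:^|[;{}])\s*error_log\s+([^;]+);", re.M)


def classify(target):
    """Return 'remote', 'local-syslog' or 'local' for an error_log target."""
    if not target.startswith("syslog:"):
        return "local"  # file path, stderr or memory: buffer
    params = dict(p.partition("=")[::2] for p in target[7:].split(","))
    server = params.get("server", "")
    if not server or server.startswith("unix:"):
        return "local-syslog"  # UNIX socket of a daemon on the same host
    # Drop the optional port; IPv6 literals are written in brackets.
    host = server[1:].split("]")[0] if server.startswith("[") else server.split(":")[0]
    try:
        loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname rather than an IP literal
        loopback = host.lower() == "localhost"
    return "local-syslog" if loopback else "remote"


def audit(conf_text):
    """List (line, target, kind) for every active error_log directive."""
    text = re.sub(r"#.*", "", conf_text)  # simplification: ignores '#' inside quotes
    return [(text.count("\n", 0, m.start(1)) + 1, m.group(1).split()[0],
             classify(m.group(1).split()[0])) for m in DIRECTIVE.finditer(text)]


def has_remote_error_log(conf_text):
    return any(kind == "remote" for _, _, kind in audit(conf_text))
```

The check does not follow include directives, so run it over each included file or over the output of nginx -T.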

Supportive Information

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability. This control applies to the following type of system: Unix.

Updated on July 16, 2022