UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The operating system must support the requirement to centrally manage the content of audit records generated by organization defined information system components.


Overview

Finding ID Version Rule ID IA Controls Severity
V-38521 RHEL-06-000137 SV-50322r1_rule Medium
Description
A log server (loghost) receives syslog messages from one or more systems. This data can be used as an additional log source in the event a system is compromised and its local logs are suspect. Forwarding log messages to a remote loghost also provides system administrators with a centralized place to view the status of multiple hosts within the enterprise.
STIG Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2017-04-28

Details

Check Text ( None )
None
Fix Text (F-43656r1_fix)
To configure rsyslog to send logs to a remote log server, open "/etc/rsyslog.conf" and read and understand the last section of the file, which describes the multiple directives necessary to activate remote logging. Along with these other directives, the system can be configured to forward its logs to a particular log server by adding or correcting one of the following lines, substituting "[loghost.example.com]" appropriately. The choice of protocol depends on the environment of the system; although TCP and RELP provide more reliable message delivery, they may not be supported in all environments.
To use UDP for log message delivery:

*.* @[loghost.example.com]


To use TCP for log message delivery:

*.* @@[loghost.example.com]


To use RELP for log message delivery:

*.* :omrelp:[loghost.example.com]