Consolidating and Securing Remote Logs
The rsyslog service builds on the original system and kernel log services, including their basic configuration file, /etc/syslog.conf. The weakness of the older services is that they send logging information to remote or central servers in cleartext. In other words, a malicious user who wants to collect information on the current state of your systems could have a field day if he or she can identify the system configured as a central logging server, unless logging to that server is handled by the rsyslog service. Although the rsyslog service is configured primarily in the /etc/rsyslog.conf file, the way the service is started by default is rather important.
Default rsyslog Configuration
While the strength of rsyslog ...