BSI-100-2: S 4.106: Activation of system logging: /etc/rsyslog.conf - daemon.info

Information

All changes made to /etc/syslog.conf must be documented. When making modifications to the existing IT system, at first everything should be logged. After that, individual areas can be deactivated in stages as required. The /var partition must be sufficiently large to accommodate the log files.

* Please note that the equivalent file on a Red Hat system is /etc/rsyslog.conf

Safeguard Catalogues: S 4: Hardware and software

S 4.106: Activation of system logging

See Also

https://www.bsi.bund.de/cae/servlet/contentblob/471430/publicationFile/28223/standard_100-2_e_pdf.pdf

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9(2)

Plugin: Unix

Control ID: 44ff5db9ce4e7239d63e5d4a5dd35b28bbc096dea726df12753152625605b6fc