3.4 Enable remote logging for Desktops on trusted networks

Information

In addition to local logging, remote logging can be enabled for internal computers on trusted networks. Local logs can be altered if the computer is compromised. Remote logging mitigates the risk of having the logs altered.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Perform the following to implement the prescribed state:
1. Run the following command in Terminal:
sudo pico /etc/syslog.conf
2. Add the following line to the top of the file, replacing 'your.log.server' with the name or IP address of the log server, and keeping all other lines intact.
*.* @your.log.server
3. Exit, saving changes.
4. Reboot the system.

See Also

https://workbench.cisecurity.org/files/301

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12c.

Plugin: Unix

Control ID: 9374e1caa32169fbb3002dc07c5004b3eca0c530e65946f0c3ebc549a91358a9