Information
Data from systemd-journald may be stored in volatile memory or persisted locally on the server. Utilities exist to accept remote export of systemd-journald logs, however, use of the rsyslog service provides a consistent means of log collection and export.
Rationale:
-IF- rsyslog is the preferred method for capturing logs, all logs of the system should be sent to it for further processing.
Note: This recommendation only applies if rsyslog is the chosen method for client side logging. Do not apply this recommendation if systemd-journald is used.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Create or edit the file /etc/systemd/journald.conf, or a file in the /etc/systemd/journald.conf.d/ directory ending in .conf and add or edit the line ForwardToSyslog=yes:
Example:
# printf '%s
' 'ForwardToSyslog=yes' > /etc/systemd/journald.conf.d/50-journald_forward.conf
Restart the systemd-journald service:
# systemctl restart systemd-journald.service