Ensure syslog-ng is configured to send logs to a remote log host

Information

The syslog-ng utility supports the ability to send logs it gathers to a remote log host or to receive messages from remote hosts, reducing administrative overhead.

Solution

Edit the /etc/syslog-ng/syslog-ng.conf file and add the following lines (where logfile.example.com is the name of your central log host).
destination logserver { tcp("logfile.example.com"port(514)); };
log { source(src); destination(logserver); };

Run the following command to reload the syslog-ng configuration: # pkill -HUP syslog-ng

See Also

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623.html