4.2.1.3 Ensure journald is configured to send logs to rsyslog

Information

Data from journald may be stored in volatile memory or persisted locally on the server. Utilities exist to accept remote export of journald logs; however, use of the RSyslog service provides a consistent means of log collection and export.

Rationale:

IF RSyslog is the preferred method for capturing logs, all logs of the system should be sent to it for further processing.

Solution

Edit the /etc/systemd/journald.conf file and add the following line:

ForwardToSyslog=yes

Restart the service:

# systemctl restart rsyslog
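
An audit check for the setting above, as an added example that is not part of the benchmark text: it reports the effective ForwardToSyslog value from /etc/systemd/journald.conf and its journald.conf.d drop-ins, because a later drop-in can override the line added to the main file. It assumes only the /etc paths are in play (drop-in directories under /run and /usr/lib are not read); the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# effective_forward_to_syslog [ROOT]
# Prints the last ForwardToSyslog value set in a [Journal] section of
# ROOT/etc/systemd/journald.conf, then ROOT/etc/systemd/journald.conf.d/*.conf
# (glob order; a later file overrides an earlier one). Prints "unset" when no
# uncommented assignment exists, "empty" for an assignment with no value.
effective_forward_to_syslog() {
    root="${1:-}"
    value="unset"
    for f in "$root/etc/systemd/journald.conf" \
             "$root/etc/systemd/journald.conf.d"/*.conf; do
        [ -f "$f" ] || continue
        v=$(awk '
            /^[ \t]*[#;]/ { next }    # commented-out lines do not count
            /^[ \t]*\[/   { in_j = ($0 ~ /^[ \t]*\[Journal\][ \t]*$/); next }
            in_j && /^[ \t]*ForwardToSyslog[ \t]*=/ {
                sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
                val = ($0 == "" ? "empty" : $0); found = 1
            }
            END { if (found) print val }
        ' "$f")
        if [ -n "$v" ]; then value="$v"; fi
    done
    printf '%s\n' "$value"
}

# journald_forwards_to_syslog [ROOT]
# Exit status 0 only when the effective value is a true boolean as systemd
# spells them. "unset" and "empty" fail: the benchmark asks for the explicit
# line (conservative choice made by this example).
journald_forwards_to_syslog() {
    case "$(effective_forward_to_syslog "${1:-}" | tr '[:upper:]' '[:lower:]')" in
        1|yes|y|true|t|on) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo on a constructed tree (sample files, not a real host's configuration):
# the main file is compliant, but a drop-in silently turns forwarding off.
demo=$(mktemp -d)
mkdir -p "$demo/etc/systemd/journald.conf.d"
printf '[Journal]\nForwardToSyslog=yes\n' > "$demo/etc/systemd/journald.conf"
printf '[Journal]\nForwardToSyslog=no\n' > "$demo/etc/systemd/journald.conf.d/50-local.conf"
echo "effective ForwardToSyslog: $(effective_forward_to_syslog "$demo")"
rm -rf "$demo"
```

Call `journald_forwards_to_syslog` with no argument to check the host's own /etc. The check reads files on disk only; it does not show whether the running systemd-journald has loaded them.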

See Also

https://workbench.cisecurity.org/files/2920