Information
Centralized log management helps ensure logs are forensically sound and are available at a central location for auditing and incident investigation.
Rationale:
A centralized logging solution aggregates logs from multiple systems to ensure logs can be referenced in the event systems are thought to be compromised. Centralized log servers are also often used to correlate logs for potential patterns of attack. If a centralized logging solution is not used and systems (and their logs) are believed to be compromised, then logs may not be permitted to be used as evidence.
Solution
To enable central logging for your error logs, add the below line to your server block in your server configuration file. 192.168.2.1 should be replaced with the location of your central log server.
error_log syslog:server=192.168.2.1 info;
Default Value:
Syslog is not configured by default.