6.2.3.2 Ensure rsyslog service is enabled and active

Information

Once the rsyslog package is installed, ensure that the service is enabled.

If the rsyslog service is not enabled to start on boot, the system will not capture logging events.

Note: This recommendation only applies if rsyslog is the chosen method for client side logging. Do not apply this recommendation if journald is used.

Solution

- IF - rsyslog is being used for logging on the system:

Run the following commands to unmask, enable, and start rsyslog.service :

# systemctl unmask rsyslog.service
# systemctl enable rsyslog.service
# systemctl start rsyslog.service

See Also

https://workbench.cisecurity.org/benchmarks/18209

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-2, 800-53|AU-7, 800-53|AU-12, CSCv7|6.2, CSCv7|6.3

Plugin: Unix

Control ID: 33097aece253ddcad0f112e6f40aaef271740b44bc8cb905fb00cb3a83c3c4fb