6.2.1.4 Ensure only one logging system is in use

Information

Best practices recommend that a single centralized logging system be used for log management, choose a single service either rsyslog - OR - journald to be used as a single centralized logging system.

Configuring only one logging service either rsyslog - OR - journald avoids redundancy, optimizes resources, simplifies configuration and management, and ensures consistency.

Solution

- Determine whether to use journald - OR - rsyslog depending on site needs
- Configure systemd-jounald.service
- Configure only ONE either journald - OR - rsyslog and complete the recommendations in that subsection
- Return to this recommendation to ensure only one logging system is in use

Impact:

Transitioning from one logging service to another can be complex and time consuming, it involves reconfiguration and may result in data loss if not managed and reconfigured correctly.

See Also

https://workbench.cisecurity.org/benchmarks/18209

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-2

Plugin: Unix

Control ID: be348bffecccd2c298ed3c90e845bfa49fa949e15ac604e08047dc85cd499aa6