Information
Storing log data on a remote host protects log integrity from local attacks. If an attacker gains root access on the local system, they could tamper with or remove log data that is stored on the local system
Solution
Edit the /etc/rsyslog.conf and /etc/rsyslog.d/*.conf files and add the following line
(where loghost.example.com is the name of your central log host).
*.* @@loghost.example.com
Run the following command to reload the rsyslogd configuration:
# pkill -HUP rsyslogd