Information
The syslog-ng utility supports the ability to send logs it gathers to a remote log host or to receive messages from remote hosts, reducing administrative overhead. Storing log data on a remote host protects log integrity from local attacks. If an attacker gains root access on the local system, they could tamper with or remove log data that is stored on the local system
Solution
Edit the /etc/syslog-ng/syslog-ng.conf file and add the following lines (where logfile.example.com is the name of your central log host). destination logserver { tcp(" logfile.example.com " port(514)); }; log { source(src); destination(logserver); }; Run the following command to restart syslog-ng: # pkill -HUP syslog-ng