Ensure remote syslog-ng messages are only accepted on designated log hosts

Information

By default, syslog-ng does not listen for log messages coming in from remote systems.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

On designated log hosts, edit the /etc/syslog-ng/syslog-ng.conf file and ensure the following lines are configured appropriately:
source net{ tcp(); };
destination remote { file("/var/log/remote/${FULLHOST}-log"); };
log { source(net); destination(remote); };

On non-designated log hosts, edit the /etc/syslog-ng/syslog-ng.conf file and remove or edit any sources that accept network-sourced log messages.

Run the following command to reload the syslog-ng configuration:
# pkill -HUP syslog-ng
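To find the sources that need review, the following added example (not part of the benchmark or of Nessus) lists every source block in a syslog-ng configuration that uses a network driver (tcp, tcp6, udp, udp6, network, syslog). The function names and the sample configuration are constructed for illustration. Any output on a non-designated log host is a finding.

```shell
#!/bin/sh
# Added example: report syslog-ng source blocks that use a network driver.
# Reads the config file given as an argument, or stdin when none is given.
# Limitation: a '#' inside a quoted string is treated as a comment start.
list_net_sources() {
    awk '
    {
        sub(/#.*/, "")                               # strip comments
        if (!insrc && match($0, /^[ \t]*source[ \t]+[^ \t{]+/)) {
            name = substr($0, RSTART, RLENGTH)       # "source <name>"
            sub(/^[ \t]*source[ \t]+/, "", name)
            insrc = 1; depth = 0; opened = 0
        }
        if (!insrc) next
        rest = " " $0                                # pad so a driver at column 1 matches
        while (match(rest, /[^A-Za-z0-9_-](tcp6?|udp6?|network|syslog)[ \t]*[(]/)) {
            drv = substr(rest, RSTART + 1, RLENGTH - 1)
            sub(/[ \t]*[(]$/, "", drv)
            print name, drv                          # "<source name> <driver>"
            rest = substr(rest, RSTART + RLENGTH - 1)
        }
        o = gsub(/[{]/, "{"); c = gsub(/[}]/, "}")   # track block nesting
        if (o > 0) opened = 1
        depth += o - c
        if (opened && depth <= 0) insrc = 0          # end of this source block
    }' "$@"
}

# Constructed sample config: the log-host lines from above plus extra sources.
sample_conf() {
    cat <<'EOF'
source s_local { system(); internal(); };
# source s_old { udp(); };
source net{ tcp(); };
source s_multi {
    network(
        transport("tcp") port(514)
    );
};
destination remote { file("/var/log/remote/${FULLHOST}-log"); };
log { source(net); destination(remote); };
EOF
}

sample_conf | list_net_sources
```

On a real host, run `list_net_sources /etc/syslog-ng/syslog-ng.conf`; files pulled in through include statements must be checked separately.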

See Also

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623.html