====== 4.2.3 Ensure rsyslog or syslog-ng is installed (Scored) ======
=====Profile Applicability=====  
<code>
Level 1 - Server 
Level 1 - Workstation
</code>
=====Description=====
The ''rsyslog'' and ''syslog-ng'' software are recommended replacements to the original ''syslogd'' daemon which provide improvements over ''syslogd'', such as connection-oriented (i.e. TCP) transmission of logs, the option to log to database formats, and the encryption of log data en route to a central logging server.
=====Rationale=====
The security enhancements of ''rsyslog'' and ''syslog-ng'' such as connection-oriented (i.e. TCP) transmission of logs, the option to log to database formats, and the encryption of log data en route to a central logging server) justify installing and configuring the package.
=====Audit===== 
Verify either rsyslog or syslog-ng is installed. Depending on the package management in use one of the following command groups may provide the needed information:
<Code:bash>
# rpm -q rsyslog 
# rpm -q syslog-ng
</Code>
=====Remediation===== 
Install ''rsyslog'' or ''syslog-ng'' using one of the following commands:
<Code:bash>
# yum install rsyslog 
# yum install syslog-ng
</Code>

=====Notes=====
The syslog-ng package requires the EPEL7 and Optional repositories be enabled. See https://czanik.blogs.balabit.com/2015/09/installing-syslog-ng-ose-3-7-1-on-rhel6-and-centos6/ for more information.