====== 4.2.3 Ensure rsyslog or syslog-ng is installed (Scored) ======
=====Profile Applicability=====  
<code>
Level 1 - Server 
Level 1 - Workstation
</code>
=====Description=====
The ''rsyslog'' and ''syslog-ng'' software are recommended replacements to the original ''syslogd'' daemon which provide improvements over ''syslogd'', such as connection-oriented (i.e. TCP) transmission of logs, the option to log to database formats, and the encryption of log data en route to a central logging server.
=====Rationale=====
The security enhancements of ''rsyslog'' and ''syslog-ng'' such as connection-oriented (i.e. TCP) transmission of logs, the option to log to database formats, and the encryption of log data en route to a central logging server) justify installing and configuring the package.
=====Audit===== 
Verify either rsyslog or syslog-ng is installed. Depending on the package management in use one of the following command groups may provide the needed information:
<Code:bash>
# dpkg -s rsyslog 
# dpkg -s syslog-ng
</Code>
=====Remediation===== 
Install ''rsyslog'' or ''syslog-ng'' using one of the following commands:
<Code:bash>
# apt-get install rsyslog 
# apt-get install syslog-ng
</Code>