4.2.2.3 Ensure journald is configured to send logs to rsyslog

Audit

IF RSyslog is the preferred method for capturing logs

Review /etc/systemd/journald.conf and verify that logs are forwarded to rsyslog.

# grep '^\s*ForwardToSyslog' /etc/systemd/journald.conf

Verify the output matches:

ForwardToSyslog=yes
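
The grep above reads only the main file, while systemd also merges drop-in files from /etc/systemd/journald.conf.d/*.conf, where a later assignment overrides an earlier one. The script below is an added example, not part of the benchmark text, that reports the effective value; the function names are hypothetical and it assumes only drop-ins under /etc/systemd need checking.

```shell
#!/bin/sh
# Added example, not part of the benchmark text.
# Assumption: only <root>/etc/systemd is inspected; drop-ins shipped under
# /run/systemd and /usr/lib/systemd are out of scope for this sketch.

# Print the value of the last uncommented ForwardToSyslog assignment in the
# files given, read in argument order (a later assignment overrides an earlier one).
effective_forward_to_syslog() {
    awk '
        /^[ \t]*ForwardToSyslog[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")   # drop "key =" and padding
            sub(/[ \t]+$/, "")         # drop trailing whitespace
            v = $0
        }
        END { print v }
    ' "$@" /dev/null
}

# Audit journald.conf plus journald.conf.d/*.conf under an optional root prefix.
# Prints a verdict; returns 0 only when the effective value is "yes".
audit_forward_to_syslog() {
    root=${1:-}
    conf="$root/etc/systemd/journald.conf"
    set --
    if [ -f "$conf" ]; then set -- "$conf"; fi
    # The glob expands in sorted order, so later-named drop-ins are read last.
    for d in "$root"/etc/systemd/journald.conf.d/*.conf; do
        if [ -f "$d" ]; then set -- "$@" "$d"; fi
    done
    value=$(effective_forward_to_syslog "$@")
    if [ "$value" = "yes" ]; then
        echo "PASS: effective ForwardToSyslog=yes"
        return 0
    fi
    echo "FAIL: effective ForwardToSyslog=${value:-unset}"
    return 1
}

# Constructed sample tree: the main file passes the grep above, but a drop-in
# overrides it, so the effective setting is "no".
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc/systemd/journald.conf.d"
printf '[Journal]\nForwardToSyslog=yes\n' > "$demo_root/etc/systemd/journald.conf"
printf '[Journal]\nForwardToSyslog=no\n' > "$demo_root/etc/systemd/journald.conf.d/50-local.conf"
audit_forward_to_syslog "$demo_root" || true   # prints the FAIL verdict
rm -rf "$demo_root"
```

Calling audit_forward_to_syslog with no argument checks the live files under /etc/systemd.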

Remediation

Edit the /etc/systemd/journald.conf file and add the following line:

ForwardToSyslog=yes

Restart the service:

# systemctl restart rsyslog