Resources White papers
Centralised logging with rsyslog
The management of multiple systems requires the setup of tools to control the servers behaviour in real time and post analysis. Moreover, regulations and best practices often require the IT department to maintain an accurate log of all events happening in their systems in order to allow for later analysis. Performing such analysis on each system is time consuming and is relatively insecure because if a server is compromised, the attacker, having gained root access, will be able to cover its traces by removing the portions of the logs that he wants.