Rules Related To 'syslog-ng'

Component overview

Relevant packages:

Relevant groups:

None

Changelog:

No changes recorded.

Relevant rules:

Rule details

Ensure syslog-ng is Installed

package_syslogng_installed

Description

syslog-ng can be installed as a replacement for rsyslog. The syslog-ng-core package can be installed with the following command:

$ sudo yum install syslog-ng-core

Rationale

The syslog-ng-core package provides the syslog-ng daemon, which provides system logging services.

Enable syslog-ng Service

service_syslogng_enabled

Description

The syslog-ng service (as a replacement for rsyslog) provides syslog-style logging by default on Debian. The syslog-ng service can be enabled with the following command:

$ sudo systemctl enable syslog-ng.service

Rationale

The syslog-ng service must be running in order to provide logging services, which are essential to system administration.

Ensure syslog-ng Default File Permissions Configured

syslogng_filecreatemode

Description

syslog-ng will create log files that do not already exist on the system. The perm() option in the global options block controls which permissions are applied to these newly created files.

Rationale

Log files must have the correct permissions so that sensitive data is archived and protected.

Ensure syslog-ng Does Not Accept Remote Messages Unless Acting As Log Server

syslogng_nolisten

Description

The syslog-ng daemon should not accept remote messages unless the system acts as a log server. To ensure that it is not listening on the network, verify that none of the following source driver calls appear uncommented in syslog-ng configuration files:

tcp()
udp()
network()

Rationale

Any process which receives messages from the network incurs some risk of receiving malicious messages. This risk can be eliminated for syslog-ng by configuring it not to listen on the network.
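
One way to automate the syslogng_nolisten check described above, as an added example that is not part of the original rule content or the project's own check. It flags tcp(), udp() and network() only inside source blocks, because syslog-ng accepts the same driver names in destination blocks, where they forward logs out rather than listen. The function names and the sample configuration are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Drivers the rule names; syslog-ng also accepts tcp()/udp()/network() as
# destination drivers, which forward logs out and must not be flagged.
DRIVER_CALL = re.compile(r"\b(tcp|udp|network)\s*\(")
SOURCE_OPEN = re.compile(r"\bsource\b\s*([\w.-]+)?\s*\{")
LITERAL_OR_COMMENT = re.compile(r'"(?:\\.|[^"\\])*"|\'[^\']*\'|#.*')

def skeleton(text):
    """Remove '#' comments and empty out quoted strings, so neither can
    hide or fake a driver call or a brace."""
    return LITERAL_OR_COMMENT.sub(
        lambda m: "" if m.group().startswith("#") else '""', text)

def listening_sources(text):
    """Return (source name, driver) for every listener in a source block."""
    text = skeleton(text)
    found = {}
    for src in SOURCE_OPEN.finditer(text):
        depth, end = 1, src.end()
        while end < len(text) and depth:      # walk to the matching '}'
            depth += {"{": 1, "}": -1}.get(text[end], 0)
            end += 1
        for drv in DRIVER_CALL.finditer(text, src.end(), end):
            # keyed by offset so nested source blocks are not double-counted
            found[drv.start()] = (src.group(1) or "<inline>", drv.group(1))
    return [found[pos] for pos in sorted(found)]

# Constructed sample configuration (not taken from a real system).
SAMPLE = r'''
@version: 4.2
source s_local { system(); internal(); };
# source s_old { udp(port(514)); };
source s_net {
    network(transport("tcp") port(601));   # remote listener
};
destination d_remote { tcp("loghost.example" port(514)); };
log { source(s_local); destination(d_remote); };
log { source { udp(); }; destination(d_remote); };
'''

if __name__ == "__main__":
    texts = [Path(p).read_text() for p in sys.argv[1:]] or [SAMPLE]
    hits = [hit for t in texts for hit in listening_sources(t)]
    for name, driver in hits:
        print(f"source {name}: {driver}() accepts remote messages")
    sys.exit(1 if hits else 0)
```

Pass the syslog-ng configuration files as arguments; with no arguments the script runs on the constructed sample and reports the s_net and inline sources while ignoring the commented-out source and the tcp() destination.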