Rsyslog
rsyslog is a widely used logging daemon for collecting, transforming, and forwarding system logs.
Why it matters
- Centralizes logs from many hosts into operational backends.
- Supports filtering, enrichment, and structured outputs.
- Enables reliable incident triage and security investigations.
Operational notes
- Define clear routing for auth, kernel, and app logs.
- Use reliable transport and buffering for remote forwarding.
- Keep log retention and rotation aligned with compliance needs.
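
The routing and forwarding notes above, as an rsyslog configuration (an added example, not part of the original page). The drop-in file name, target host, port, log file paths, spool directory, and the use of local0 for application logs are assumptions. The input modules are assumed to be loaded already by the distribution's main rsyslog.conf.

```conf
# /etc/rsyslog.d/50-routing.conf  (constructed example; names are placeholders)

# Directory where disk-assisted queue files are spooled (assumed path).
global(workDirectory="/var/spool/rsyslog")

# --- Local routing by facility ---------------------------------------
# Authentication events (login, sudo, sshd) go to their own file.
auth,authpriv.*   action(type="omfile" file="/var/log/auth.log")

# Kernel messages.
kern.*            action(type="omfile" file="/var/log/kern.log")

# Application logs; assumes the application logs to facility local0.
local0.*          action(type="omfile" file="/var/log/app.log")

# --- Remote forwarding with buffering --------------------------------
# TCP forwarding to a central collector. The in-memory queue spills to
# disk when the collector is unreachable, and the action retries
# instead of dropping messages.
*.* action(
    type="omfwd"
    target="logs.example.internal"     # placeholder collector host
    port="514"
    protocol="tcp"
    queue.type="LinkedList"
    queue.filename="fwd_central"       # a filename makes the queue disk-assisted
    queue.maxDiskSpace="1g"            # cap on spooled data
    queue.saveOnShutdown="on"          # persist queued messages across restarts
    action.resumeRetryCount="-1"       # retry indefinitely while the target is down
)
```

Validate the file with `rsyslogd -N1` before restarting the daemon.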