How to Configure Logging
There are two packages available in RHEL 5 for performing logging, and recommends that rsyslog be used.
No matter which logging software is used, a system should send its logs to a remote loghost. An intruder who has compromised the root account on a machine may delete the log entries which indicate that the system was attacked before they are seen by an administrator. If system logs are to be useful in detecting malicious activities, it is necessary to send them to a remote server.
The sysklogd software provides the default logging daemon for RHEL, but has a number of downsides, including a lack of authentication for client or server, lack of encryption, or reliable transport for messages sent over a network. For these reasons, rsyslog is recommended instead (and it is also part of RHEL).
