rsyslog often acts as a central syslog ingestion point and forwarder. Hardening it requires transport security and strict input controls.
- Prefer TLS-enabled syslog (for example RELP/TLS) over plain UDP where possible.
- Restrict sender networks for ingestion ports.
- Validate certificates for trusted forwarders.
Ruleset and Output Safety
- Prevent log injection through robust parsing and template handling.
- Restrict file output destinations and permissions.
- Protect credentials for remote outputs.
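
The transport and output points above, combined in one rsyslog configuration. This is an added example, not configuration from the original page; the hostnames, port, certificate paths, and the `syslog`/`adm` owner and group are assumptions to adapt to your environment.

```conf
# Added example; all hostnames, paths and the port are constructed placeholders.

# Weak baseline this replaces: unauthenticated, unencrypted UDP ingestion.
# module(load="imudp")
# input(type="imudp" port="514")

# Escape control characters (including embedded newlines) on receipt so a
# sender cannot forge extra log lines. This is the default; stating it
# explicitly guards against it being switched off elsewhere.
global(parser.escapeControlCharactersOnReceive="on")

module(load="imrelp")
module(load="omrelp")

# Ingestion: RELP over TLS. Only peers whose certificate chains to our CA
# and carries a permitted name are accepted. Restricting which networks can
# reach port 2514 is left to the host firewall in this example.
input(type="imrelp" port="2514" ruleset="remote"
      tls="on"
      tls.caCert="/etc/rsyslog.d/tls/ca.pem"
      tls.myCert="/etc/rsyslog.d/tls/server-cert.pem"
      tls.myPrivKey="/etc/rsyslog.d/tls/server-key.pem"
      tls.authMode="name"
      tls.permittedPeer=["forwarder1.example.net", "forwarder2.example.net"])

# Build the output path from the connection's source IP rather than the
# hostname field inside the message, and neutralise path characters.
template(name="PerSenderFile" type="list") {
    constant(value="/var/log/remote/")
    property(name="fromhost-ip" securepath="replace")
    constant(value="/messages.log")
}

ruleset(name="remote") {
    # Files land only under /var/log/remote/ with restrictive modes.
    action(type="omfile" dynaFile="PerSenderFile"
           fileOwner="syslog" fileGroup="adm"
           fileCreateMode="0640" dirCreateMode="0750")

    # Forwarding: authenticate the upstream server as well. The private key
    # is the credential to protect; keep it readable only by the rsyslog user.
    action(type="omrelp" target="archive.example.net" port="2514"
           tls="on"
           tls.caCert="/etc/rsyslog.d/tls/ca.pem"
           tls.myCert="/etc/rsyslog.d/tls/client-cert.pem"
           tls.myPrivKey="/etc/rsyslog.d/tls/client-key.pem"
           tls.authMode="name"
           tls.permittedPeer=["archive.example.net"])
}
```

Run `rsyslogd -N1` after editing to check the configuration for syntax errors before restarting the service.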