SA audit: how to check if syslog or rsyslog is active


A client Unix environment needs to ensure that either syslog or rsyslog is active.

SA Audit can be used to check their respective log file or running service - but this means 2 different audit policies. Since either one runs, one will be compliant and one will be non-compliant.

Is there any best practice to check if either syslog or rsyslog is active, and show compliance if either one is active?

Any suggestions or input are welcome.
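
One way to express the either/or requirement as a single check, added here as an example and not part of the original post: a POSIX shell script that passes when either daemon is in the process list. It assumes the audit policy can run a custom script and treat exit status 0 as compliant; the daemon names `syslogd` and `rsyslogd`, the function names and the `SYSLOG_AUDIT_RUN` variable are assumptions for illustration.

```shell
#!/bin/sh
# Added example: one either/or compliance check instead of two separate policies.
# Assumption: the audit tool runs this script and treats exit 0 as compliant.

# Process names accepted as "a syslog service is running".
# Assumed list; adjust to the names used on the audited platforms.
SYSLOG_DAEMONS="syslogd rsyslogd"

# match_syslog_daemon: reads process command names (one per line) on stdin,
# prints the first accepted daemon it finds and returns 0; returns 1 if none.
match_syslog_daemon() {
    while IFS= read -r comm; do
        # Some ps implementations print a full path; compare the bare name only.
        name=${comm##*/}
        for d in $SYSLOG_DAEMONS; do
            # Exact match, so a name like "rsyslogd-helper" does not count.
            if [ "$name" = "$d" ]; then
                printf '%s\n' "$d"
                return 0
            fi
        done
    done
    return 1
}

# audit_syslog: compliant (0) if either daemon is running, else non-compliant (1).
audit_syslog() {
    if found=$(ps -e -o comm= | match_syslog_daemon); then
        echo "COMPLIANT: $found is running"
        return 0
    fi
    echo "NON-COMPLIANT: neither syslogd nor rsyslogd is running"
    return 1
}

# Run the live check only when requested (hypothetical switch for this example),
# so the functions can also be exercised against a constructed process list.
if [ -n "${SYSLOG_AUDIT_RUN:-}" ]; then
    audit_syslog
    exit $?
fi
```

Run it as `SYSLOG_AUDIT_RUN=1 sh script.sh` on the target host; the exit status carries the single compliant or non-compliant result.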

