A client unix environment needs to ensure that either syslog or rsyslog is active.
SA Audit can be use to check their respective log file or running service - but this means 2 different audit policies. Since either one runs, one will be compliant and one will be non-compliant .
Any best practise on check if either syslog or rsyslog is active, and show compliance if either one is active.
Any suggestion or input welcomed.
ITOM PreSales, Singapore