Workload misconfigurations

Ensure syslog messages are not suppressed (Automated)

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

In more modern Syslog implementations, repeated message suppression can be configured (for example, $RepeatedMsgReduction in rsyslog).
  • Recommended Mitigation

    If disabled, messages sent to Syslog could be suppressed and not logged. While a message is emitted stating that a given message was repeated and suppressed, the timestamp associated with these suppressed messages are lost, potentially damaging the recreation of an incident timeline.