Hello list,

I am new on this list. I started working in an IT department and I need to update and check the current syslog system. We have more than 50 Ubuntu servers, local and remote; on each server rsyslog is installed and configured this way:

    $ cat /etc/rsyslog.d/99-rsyslog.conf
    auth.*,authpriv.* @logserver
    kern.warn @logserver
    kern.err @logserver
    mail.* @logserver

There is a server (logserver) with syslog-ng to manage and save all logs. It receives on a UDP port without security; this is the source section of the syslog-ng configuration:

    source s_all {
        internal();
        unix-stream("/dev/log");
        file("/proc/kmsg" log_prefix("kernel: "));
    };
    source logs_externs {
        udp();
    };

I have some questions about how to secure it:

1. How can I secure the logs on the network? Must I use TCP to secure them?

2. I have a lot of data (5-10 GB per week) to store; which is the best method to manage it? Logrotate? Scripts? I want to move logs to a NAS monthly.

3. Is it a good idea to make files for each host and service? Something like:

    /var/log/host1/auth.log, /var/log/host2/auth.log,
    /var/log/host1/mail.log, /var/log/host2/mail.log

These are my newbie questions. Thanks for all your help and best regards.