diff --git a/CICD/heat/gc_HOT.yaml b/CICD/heat/gc_HOT.yaml
index 6137bbedd1c7bae184cf91bee74b0e5e3c77cb8e..9aefd480740a2f200bc30073a12158e8f312274a 100644
--- a/CICD/heat/gc_HOT.yaml
+++ b/CICD/heat/gc_HOT.yaml
@@ -62,6 +62,11 @@ parameters:
     type: string
     label: Resource ID
     default: 070a32e2-858b-462a-b2b5-b3a92eec2669
+  SYSLOGSecGroupID:
+    type: string
+    label: Resource ID
+    default: 1de45b93-e5f6-4838-94f7-fc307752d6cb
+
 
 resources:
 
@@ -75,9 +80,9 @@ resources:
     flavor: m3.xsmall
     image: { get_param: centos_7_image_id }
     key_name: { get_param: ssh_key }
-    security_groups: [ { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: MySQLSecGroupID }, { get_param: NFSSecGroupID }, { get_param: LDAPSecGroupID } ]
+    security_groups: [ { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: MySQLSecGroupID }, { get_param: NFSSecGroupID }, { get_param: LDAPSecGroupID }, { get_param: SYSLOGSecGroupID } ]
     metadata:
-     ansible_host_groups: [ SQLNodes, NFSNodes, LDAPServer, CentosNodes ]
+     ansible_host_groups: [ SQLNodes, NFSNodes, LDAPServer, CentosNodes, LogNodes ]
      ansible_ssh_user: ec2-user
      project_name: { get_param: project_name }
     networks:
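Review bot: The new `SYSLOGSecGroupID` group is attached to every instance type in this file (the `security_groups` line here and in the ten hunks that follow), although only the host tagged `LogNodes` in this hunk acts as the collector. The group's rules are not defined in the template, so this cannot be checked from the diff, but if it opens ingress on port 514 then every node accepts that traffic, not just the log server. Consider attaching it only to the collector, or confirm that its ingress rule is limited to the cluster's own addresses. The parameter added in the first hunk would also read better with a specific label in place of the copied `label: Resource ID`, for example `label: Syslog security group ID`. The resource this hunk edits starts above the hunk.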
@@ -133,7 +138,7 @@ resources:
         mynodename:
          list_join: [ '-', [ { get_param: "OS::stack_name" }, 'mgmt%index%' ]]
         ssh_key: { get_param: ssh_key }
-        security_groups: [ default, { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: MySQLSecGroupID } ]
+        security_groups: [ default, { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: MySQLSecGroupID }, { get_param: SYSLOGSecGroupID } ]
         project_name: { get_param: project_name }
 
   MgmtNodesU:
@@ -150,7 +155,7 @@ resources:
         mynodename:
          list_join: [ '-', [ { get_param: "OS::stack_name" }, 'mgmtU%index%' ]]
         ssh_key: { get_param: ssh_key }
-        security_groups: [ default, { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: MySQLSecGroupID } ]
+        security_groups: [ default, { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: MySQLSecGroupID }, { get_param: SYSLOGSecGroupID } ]
         project_name: { get_param: project_name }
 
   LoginNodesC:
@@ -166,7 +171,7 @@ resources:
       key_name: { get_param: ssh_key }
       name:
        list_join: [ '-', [ { get_param: "OS::stack_name" }, 'login%index%' ]]
-      security_groups: [ default, { get_param: PublicSSHSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: LDAPSecGroupID } ]
+      security_groups: [ default, { get_param: PublicSSHSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: LDAPSecGroupID }, { get_param: SYSLOGSecGroupID } ]
       metadata:
        ansible_host_groups: [ LoginNodes, CentosNodes ]
        ansible_ssh_user: ec2-user
@@ -187,7 +192,7 @@ resources:
       key_name: { get_param: ssh_key }
       name:
        list_join: [ '-', [ { get_param: "OS::stack_name" }, 'loginU%index%' ]]
-      security_groups: [ default, { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: LDAPSecGroupID } ]
+      security_groups: [ default, { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: LDAPSecGroupID }, { get_param: SYSLOGSecGroupID } ]
       metadata:
        ansible_host_groups: [ LoginNodes, UbuntuNodes ]
        ansible_ssh_user: ubuntu
@@ -208,7 +213,7 @@ resources:
       key_name: { get_param: ssh_key }
       name:
        list_join: [ '-', [ { get_param: "OS::stack_name" }, 'desktopc%index%' ]]
-      security_groups: [ default, { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: LDAPSecGroupID } ]
+      security_groups: [ default, { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: LDAPSecGroupID }, { get_param: SYSLOGSecGroupID } ]
       metadata:
        ansible_host_groups: [ DesktopNodes, VisNodes, ComputeNodes, CentosNodes ]
        ansible_ssh_user: ec2-user
@@ -229,7 +234,7 @@ resources:
       key_name: { get_param: ssh_key }
       name:
        list_join: [ '-', [ { get_param: "OS::stack_name" }, 'computeU%index%' ]]
-      security_groups: [ default, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: SSHMonashSecGroupID }, { get_param: LDAPSecGroupID } ]
+      security_groups: [ default, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: SSHMonashSecGroupID }, { get_param: LDAPSecGroupID }, { get_param: SYSLOGSecGroupID } ]
       metadata:
        ansible_host_groups: [ ComputeNodes, UbuntuNodes ]
        ansible_ssh_user: ubuntu
@@ -250,7 +255,7 @@ resources:
       key_name: { get_param: ssh_key }
       name:
        list_join: [ '-', [ { get_param: "OS::stack_name" }, 'computec7%index%' ]]
-      security_groups: [ default, { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: LDAPSecGroupID } ]
+      security_groups: [ default, { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: LDAPSecGroupID }, { get_param: SYSLOGSecGroupID } ]
       metadata:
        ansible_host_groups: [ ComputeNodes, CentosNodes ]
        ansible_ssh_user: ec2-user
@@ -271,7 +276,7 @@ resources:
       key_name: { get_param: ssh_key }
       name:
        list_join: [ '-', [ { get_param: "OS::stack_name" }, 'gpudesktopu%index%' ]]
-      security_groups: [ default, { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: LDAPSecGroupID } ]
+      security_groups: [ default, { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: LDAPSecGroupID }, { get_param: SYSLOGSecGroupID } ]
       metadata:
        ansible_host_groups: [ DesktopNodes, GPU, ComputeNodes, VisNodes, UbuntuNodes ]
        ansible_ssh_user: ubuntu
@@ -292,7 +297,7 @@ resources:
       key_name: { get_param: ssh_key }
       name:
        list_join: [ '-', [ { get_param: "OS::stack_name" }, 'gpudesktopc%index%' ]]
-      security_groups: [ default, { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID } ]
+      security_groups: [ default, { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: SYSLOGSecGroupID } ]
       metadata:
        ansible_host_groups: [ DesktopNodes, GPU, ComputeNodes, K1, VisNodes, CentosNodes ]
        ansible_ssh_user: ec2-user
@@ -313,7 +318,7 @@ resources:
       key_name: { get_param: ssh_key }
       name:
        list_join: [ '-', [ { get_param: "OS::stack_name" }, 'computerhel%index%' ]]
-      security_groups: [ default, { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: LDAPSecGroupID } ]
+      security_groups: [ default, { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: LDAPSecGroupID }, { get_param: SYSLOGSecGroupID } ]
       metadata:
        ansible_host_groups: [ DGXRHELNodes, RedhatNodes ]
        ansible_ssh_user: cloud-user
diff --git a/CICD/plays/computenodes.yml b/CICD/plays/computenodes.yml
index a2be4e14db1b02de4ae43e2d8e5424d6eb33673a..e94409a3bafbdd3af9ddba7e8d95a813c3a1676b 100644
--- a/CICD/plays/computenodes.yml
+++ b/CICD/plays/computenodes.yml
@@ -38,6 +38,7 @@
   - { role: postfix, tags: [ mail, other ] }
   - { role: set_semaphore_count, tags: [ semaphore ] }
   - { role: ldapclient, ssl: false, tags: [ ldapclient ] }
+  - { role: rsyslog_client, tags: [ syslog ] }
   - { role: ssh-keepalive, tags: [ ssh ] }
   - { role: enable_sudo_group, tags: [ authentication ] }
 
diff --git a/CICD/plays/nfssqlnodes.yml b/CICD/plays/nfssqlnodes.yml
index e1b66e13a48f8a9a4734dc1128aac45ced1431c2..1bd0ed32c5dedb82347211de949511b7563012dc 100644
--- a/CICD/plays/nfssqlnodes.yml
+++ b/CICD/plays/nfssqlnodes.yml
@@ -83,3 +83,8 @@
   roles:
   - { role: nfs-server }
   tags: [ nfs,nfs-server ]
+
+- hosts: 'LogNodes'
+  roles:
+  - { role: etcHosts, tags: [ networking, etcHosts ] }
+  - { role: rsyslog_server }
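Review bot: The `rsyslog_server` entry has no tag, while the client role added in `computenodes.yml` is tagged `syslog`. A run limited with `--tags syslog` would therefore reconfigure the clients and skip the collector. Suggest `- { role: rsyslog_server, tags: [ syslog ] }` so both halves of the logging setup are selected together.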
diff --git a/CICD/vars/vars.yml b/CICD/vars/vars.yml
index 8620f51c950e19534b8e44781775641892464047..032abcb7bb4dff8357011c80ebea08842dcea90a 100644
--- a/CICD/vars/vars.yml
+++ b/CICD/vars/vars.yml
@@ -2,6 +2,7 @@
 sudo_group: systems
 nagios_home: "/var/lib/nagios"
 nvidia_version: "450.51.06"
+syslog_server: "{{ groups['SQLNodes'][0] }}"
 
 gpumap:
  'K1': 'K1'
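Review bot: `syslog_server` is resolved from `groups['SQLNodes'][0]`, but the play that installs `rsyslog_server` targets `LogNodes`. The two coincide only while the same instance carries both host groups, as the Heat template in this commit arranges. If the groups ever diverge, clients will forward to a host that runs no collector. Suggest `syslog_server: "{{ groups['LogNodes'][0] }}"` so the variable and the server play share one source of truth.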
diff --git a/roles/rsyslog_client/templates/rsyslog.conf.j2 b/roles/rsyslog_client/templates/rsyslog.conf.j2
index ec20e37eed465e52b3c4dbc7053ac2485b3eaeaf..29f2df461eba92703c4268371d303bd735b180fb 100644
--- a/roles/rsyslog_client/templates/rsyslog.conf.j2
+++ b/roles/rsyslog_client/templates/rsyslog.conf.j2
@@ -8,6 +8,7 @@
 # The imjournal module bellow is now used as a message source instead of imuxsock.
 $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
 $ModLoad imjournal # provides access to the systemd journal
+$ModLoad imfile
 #$ModLoad imklog # reads kernel messages (the same are read from journald)
 #$ModLoad immark  # provides --MARK-- message capability
 
@@ -79,7 +80,15 @@ uucp,news.crit                                          /var/log/spooler
 local7.*                                                /var/log/boot.log
 & @{{ syslog_server }}:514
 
-
+#https://trello.com/c/w0dBcu2t
+#https://www.thegeekdiary.com/how-to-send-audit-logs-to-remote-rsyslog-server-in-centos-rhel-67/
+$InputFileName /var/log/audit/audit.log
+$InputFileTag tag_audit_log:
+$InputFileStateFile audit_log
+$InputFileSeverity info
+$InputFileFacility local6
+$InputRunFileMonitor
+*.* @{{ syslog_server }}:514
 # ### begin forwarding rule ###
 # The statement between the begin ... end define a SINGLE forwarding
 # rule. They belong together, do NOT split them. If you create multiple
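Review bot: The added `*.* @{{ syslog_server }}:514` sends every message, audit records included, over UDP (single `@`), which is unencrypted, unauthenticated and silently lossy; these are weak properties for an audit trail. It also overlaps the existing `& @{{ syslog_server }}:514` after `local7.*`, so boot messages are probably forwarded twice. If the intent is to ship only the audit file, `local6.* @@{{ syslog_server }}:514` scopes the rule to the facility set by `$InputFileFacility` and switches to TCP, provided the server side has a TCP listener; TLS transport would be stronger still if the server role supports it. A one-line comment above the `$InputFile*` block, such as `# Tail auditd's log and tag it local6 for remote forwarding`, would help, since the two links may not stay reachable.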
diff --git a/roles/rsyslog_server/templates/rsyslog.conf.j2 b/roles/rsyslog_server/templates/rsyslog.conf.j2
index 17ee4286fc32f27ebce4d7563a222a26c673f529..9fb00cdf98221a3d5fd41cb8995b5a3ebf8f58b1 100644
--- a/roles/rsyslog_server/templates/rsyslog.conf.j2
+++ b/roles/rsyslog_server/templates/rsyslog.conf.j2
@@ -72,6 +72,8 @@ uucp,news.crit                                          /var/log/spooler
 # Save boot messages also to boot.log
 local7.*                                                /var/log/boot.log
 
+$template HostAudit, "/var/log/rsyslog/%HOSTNAME%/audit_log"  
+local6.*
 
 # ### begin forwarding rule ###
 # The statement between the begin ... end define a SINGLE forwarding
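Review bot: The selector `local6.*` on the last added line has no action, so the `HostAudit` template defined just above it is never referenced and the rule is incomplete; rsyslog will most likely reject or ignore it. Suggest `local6.* ?HostAudit`. Note also that `%HOSTNAME%` is taken from the message content, which a sender can set freely over plain UDP, whereas `%fromhost-ip%` is derived from the receiving socket and is harder to influence when choosing the per-host directory. The `$template` line ends in trailing whitespace.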