diff --git a/Earthfile b/Earthfile
index bc98551..64b0b9a 100644
--- a/Earthfile
+++ b/Earthfile
@@ -777,11 +777,6 @@ base-image:
 
     IF [ "$OS_DISTRIBUTION" = "sles" ]
         RUN if [ ! -e /usr/bin/apparmor_parser ]; then cp /sbin/apparmor_parser /usr/bin/apparmor_parser; fi
-        # https://software.opensuse.org//download.html?project=home%3Argerhards&package=rsyslog
-        # RUN zypper -n addrepo https://download.opensuse.org/repositories/home:rgerhards/SLE_15/home:rgerhards.repo
-
-        RUN zypper refresh
-        RUN zypper install rsyslog
     END
 
     DO +OS_RELEASE --OS_VERSION=$KAIROS_VERSION
diff --git a/overlay/files/etc/rsyslog.d/51-stylus-rsyslog.conf b/overlay/files/etc/rsyslog.d/51-stylus-rsyslog.conf
index 8288bed..ccce1b8 100644
--- a/overlay/files/etc/rsyslog.d/51-stylus-rsyslog.conf
+++ b/overlay/files/etc/rsyslog.d/51-stylus-rsyslog.conf
@@ -1,6 +1,5 @@
-# create stylus-audit.log with 600
+$FileOwner root
+$FileGroup adm
 $FileCreateMode 0600
-:syslogfacility-text=auth, :syslogseverity-text=notice, :syslogtag, "stylus-audit" /var/log/stylus-audit.log
 
-# restore the default file permissions
-$FileCreateMode 0640 
\ No newline at end of file
+auth.=notice /var/log/stylus-audit.log
\ No newline at end of file
diff --git a/rhel-core-images/Dockerfile.rhel8 b/rhel-core-images/Dockerfile.rhel8
index 081074d..e9520db 100644
--- a/rhel-core-images/Dockerfile.rhel8
+++ b/rhel-core-images/Dockerfile.rhel8
@@ -54,7 +54,7 @@ RUN uuidgen > /etc/machine-id && dnf install -y \
     iscsi-initiator-utils \
     iptables ethtool socat iproute-tc conntrack \
     kernel kernel-modules kernel-modules-extra \
-    rsync jq rsyslog logrotate && dnf clean all
+    rsync jq && dnf clean all
 
 
 COPY --from=quay.io/kairos/framework:v2.7.41 / /
diff --git a/rhel-fips/Dockerfile b/rhel-fips/Dockerfile
index 8bdecfd..9f1b87f 100644
--- a/rhel-fips/Dockerfile
+++ b/rhel-fips/Dockerfile
@@ -75,7 +75,7 @@ RUN uuidgen > /etc/machine-id && dnf install -y \
     iscsi-initiator-utils \
     iptables ethtool socat iproute-tc conntrack \
     kernel kernel-modules kernel-modules-extra \
-    rsync jq rsyslog logrotate && dnf clean all
+    rsync jq && dnf clean all
 
 RUN mkdir -p /run/lock && \
   touch /usr/libexec/.keep
diff --git a/ubuntu-fips/Dockerfile b/ubuntu-fips/Dockerfile
index aaf9380..caaa4b5 100644
--- a/ubuntu-fips/Dockerfile
+++ b/ubuntu-fips/Dockerfile
@@ -111,8 +111,6 @@ RUN apt-get install -y --no-install-recommends \
     zerofree \
     zfsutils-linux \
     zstd \
-    rsyslog \
-    logrotate \
     && apt-get remove -y unattended-upgrades && apt-get clean \
     && apt-get purge --auto-remove -y ubuntu-advantage-tools \
     && rm -rf /var/lib/apt/lists/*