diff --git a/Earthfile b/Earthfile
index 3e29606..7aa90f4 100644
--- a/Earthfile
+++ b/Earthfile
@@ -693,7 +693,7 @@ base-image:
         END
 
         RUN apt-get update && \
-            apt-get install --no-install-recommends kbd zstd vim iputils-ping bridge-utils curl tcpdump ethtool -y
+            apt-get install --no-install-recommends kbd zstd vim iputils-ping bridge-utils curl tcpdump ethtool rsyslog logrotate -y
 
         IF [ "$UPDATE_KERNEL" = "false" ]
             RUN if dpkg -l "linux-image-generic-hwe-$OS_VERSION" > /dev/null; then apt-mark hold "linux-image-generic-hwe-$OS_VERSION" "linux-headers-generic-hwe-$OS_VERSION" "linux-generic-hwe-$OS_VERSION" ; fi && \
@@ -753,7 +753,7 @@ base-image:
     END
 
     IF [ "$OS_DISTRIBUTION" = "opensuse-leap" ]
-        RUN zypper install -y apparmor-parser apparmor-profiles
+        RUN zypper install -y apparmor-parser apparmor-profiles rsyslog logrotate
         RUN zypper cc && \
             zypper clean
         RUN if [ ! -e /usr/bin/apparmor_parser ]; then cp /sbin/apparmor_parser /usr/bin/apparmor_parser; fi
diff --git a/overlay/files/etc/rsyslog.d/51-stylus-rsyslog.conf b/overlay/files/etc/rsyslog.d/51-stylus-rsyslog.conf
new file mode 100644
index 0000000..2493c90
--- /dev/null
+++ b/overlay/files/etc/rsyslog.d/51-stylus-rsyslog.conf
@@ -0,0 +1,6 @@
+# create stylus-audit.log with 600
+$FileCreateMode 0600
+:syslogfacility-text=auth, :syslogseverity-text=notice, :syslogtag, "arun-sharma" /var/log/stylus-audit.log
+
+# restore the default file permissions
+$FileCreateMode 0640 
\ No newline at end of file
diff --git a/rhel-core-images/Dockerfile.rhel8 b/rhel-core-images/Dockerfile.rhel8
index e9520db..081074d 100644
--- a/rhel-core-images/Dockerfile.rhel8
+++ b/rhel-core-images/Dockerfile.rhel8
@@ -54,7 +54,7 @@ RUN uuidgen > /etc/machine-id && dnf install -y \
     iscsi-initiator-utils \
     iptables ethtool socat iproute-tc conntrack \
     kernel kernel-modules kernel-modules-extra \
-    rsync jq && dnf clean all
+    rsync jq rsyslog logrotate && dnf clean all
 
 
 COPY --from=quay.io/kairos/framework:v2.7.41 / /
diff --git a/rhel-fips/Dockerfile b/rhel-fips/Dockerfile
index 9f1b87f..8bdecfd 100644
--- a/rhel-fips/Dockerfile
+++ b/rhel-fips/Dockerfile
@@ -75,7 +75,7 @@ RUN uuidgen > /etc/machine-id && dnf install -y \
     iscsi-initiator-utils \
     iptables ethtool socat iproute-tc conntrack \
     kernel kernel-modules kernel-modules-extra \
-    rsync jq && dnf clean all
+    rsync jq rsyslog logrotate && dnf clean all
 
 RUN mkdir -p /run/lock && \
   touch /usr/libexec/.keep
diff --git a/slem/Dockerfile b/slem/Dockerfile
index 1b2d47f..d252a92 100644
--- a/slem/Dockerfile
+++ b/slem/Dockerfile
@@ -22,6 +22,8 @@ RUN zypper in --force-resolution -y --no-allow-vendor-change \
     fail2ban \
     lldpd \
     nethogs \
+    rsyslog \
+    logrotate \
     && zypper cc
 # NOTE: removed dhcp-client
 RUN mkdir -p /run/lock
diff --git a/ubuntu-fips/Dockerfile b/ubuntu-fips/Dockerfile
index caaa4b5..aaf9380 100644
--- a/ubuntu-fips/Dockerfile
+++ b/ubuntu-fips/Dockerfile
@@ -111,6 +111,8 @@ RUN apt-get install -y --no-install-recommends \
     zerofree \
     zfsutils-linux \
     zstd \
+    rsyslog \
+    logrotate \
     && apt-get remove -y unattended-upgrades && apt-get clean \
     && apt-get purge --auto-remove -y ubuntu-advantage-tools \
     && rm -rf /var/lib/apt/lists/*