diff --git a/bin/hardening/4.2.1.6_remote_syslog-ng_acl.sh b/bin/hardening/4.2.1.6_remote_syslog-ng_acl.sh
index d587fc2..4f45cb9 100755
--- a/bin/hardening/4.2.1.6_remote_syslog-ng_acl.sh
+++ b/bin/hardening/4.2.1.6_remote_syslog-ng_acl.sh
@@ -6,7 +6,7 @@
 #
 
 #
-# 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts. (Not Scored)
+# 4.2.1.6 Ensure remote syslog-ng messages are only accepted on designated log hosts. (Not Scored)
 #
 
 set -e # One error, it's over
@@ -17,14 +17,75 @@ HARDENING_LEVEL=3
 # shellcheck disable=2034
 DESCRIPTION="Configure syslog to accept remote syslog messages only on designated log hosts."
 
+REMOTE_HOST=""
+PATTERN='source[[:alnum:][:space:]*{]+(tcp|udp)[[:space:]]*\(\"[[:alnum:].]+\".'
+
 # This function will be called if the script status is on enabled / audit mode
 audit() {
-    info "Not implemented yet"
+    FOUND=0
+    FILES="$SYSLOG_BASEDIR/syslog-ng.conf $($SUDO_CMD find -L "$SYSLOG_BASEDIR"/conf.d/ -type f)"
+    for FILE in $FILES; do
+        does_pattern_exist_in_file_multiline "$FILE" "$PATTERN"
+        if [ "$FNRET" = 0 ]; then
+            FOUND=1
+        fi
+    done
+
+    if [[ "$REMOTE_HOST" ]]; then
+        info "This is the remote host, checking that it only accepts logs from specified zone"
+        if [ "$FOUND" = 1 ]; then
+            ok "$PATTERN is present in $FILES"
+        else
+            crit "$PATTERN is not present in $FILES"
+        fi
+    else
+        info "This is the not the remote host checking that it doesn't accept remote logs"
+        if [ "$FOUND" = 1 ]; then
+            crit "$PATTERN is present in $FILES"
+        else
+            ok "$PATTERN is not present in $FILES"
+        fi
+
+    fi
 }
 
 # This function will be called if the script status is on enabled mode
 apply() {
-    info "Not implemented yet"
+    FOUND=0
+    FILES="$SYSLOG_BASEDIR/syslog-ng.conf $(find -L "$SYSLOG_BASEDIR"/conf.d/ -type f)"
+    for FILE in $FILES; do
+        does_pattern_exist_in_file_multiline "$FILE" "$PATTERN"
+        if [ "$FNRET" = 0 ]; then
+            FOUND=1
+        fi
+    done
+
+    if [[ "$REMOTE_HOST" ]]; then
+        info "This is the remote host, checking that it only accepts logs from specified zone"
+        if [ "$FOUND" = 1 ]; then
+            ok "$PATTERN is present in $FILES"
+        else
+            crit "$PATTERN is not present in $FILES, setup the machine to receive the logs"
+        fi
+    else
+        info "This is the not the remote host checking that it doesn't accept remote logs"
+        if [ "$FOUND" = 1 ]; then
+            warn "$PATTERN is present in $FILES, "
+        else
+            ok "$PATTERN is not present in $FILES"
+        fi
+
+    fi
+}
+
+# This function will create the config file for this check with default values
+create_config() {
+    cat <<EOF
+status=audit
+SYSLOG_BASEDIR='/etc/syslog-ng'
+# Put here if it's the remote host or not
+REMOTE_HOST=false
+EOF
 }
 
 # This function will check config parameters required