diff --git a/defaults/main.yml b/defaults/main.yml
index cfa610c..6ae4b24 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -898,7 +898,7 @@ rhel9cis_auditd_uid_exclude:
 # This variable governs which logging service should be used, choosing between 'rsyslog'(CIS recommendation)
 # or 'journald'(only one is implemented) will trigger the execution of the associated subsection, as the-best
 # practices are written wholly independent of each other.
-rhel9cis_syslog: journald
+rhel9cis_syslog: rsyslog
 ## Control 4.2.1.5 | PATCH | Ensure logging is configured
 # This variable governs if current Ansible role should manage syslog settings
 # in /etc/rsyslog.conf file, namely mail, news and misc(warn, messages)
diff --git a/vars/AlmaLinux.yml b/vars/AlmaLinux.yml
index a0fa6ba..b0eb3d9 100644
--- a/vars/AlmaLinux.yml
+++ b/vars/AlmaLinux.yml
@@ -5,9 +5,3 @@ os_gpg_key_pubkey_name: gpg-pubkey-b86b3716-61e69f29
 os_gpg_key_pubkey_content: "AlmaLinux OS 9 <packager@almalinux.org> b86b3716"
 # disable repo_gpgcheck due to OS default repos
 rhel9cis_rule_enable_repogpg: false
-
-rhel9cis_sshd:
-    # This variable sets the maximum number of unresponsive "keep-alive" messages
-    # that can be sent from the server to the client before the connection is considered
-    # inactive and thus, closed.
-    clientalivecountmax: 3
\ No newline at end of file
diff --git a/vars/Rocky.yml b/vars/Rocky.yml
index 7d9f014..77af29c 100644
--- a/vars/Rocky.yml
+++ b/vars/Rocky.yml
@@ -3,9 +3,3 @@
 
 os_gpg_key_pubkey_name: gpg-pubkey-350d275d-6279464b
 os_gpg_key_pubkey_content: "Rocky Enterprise Software Foundation - Release key 2022 <releng@rockylinux.org> 350d275d"
-
-rhel9cis_sshd:
-    # This variable sets the maximum number of unresponsive "keep-alive" messages
-    # that can be sent from the server to the client before the connection is considered
-    # inactive and thus, closed.
-    clientalivecountmax: 3
\ No newline at end of file