Browse Definitions :
Definition

syslog

Syslog is an IETF RFC 5424 standard protocol for computer logging and collection that is popular in Unix-like systems including servers, networking equipment and IoT devices. The log messages generated by a device creates a record of events that occur on the operating system or application. The purpose of the message is to provide administrators with information regarding important events, health information and other normal or abnormal happenings that could prove useful when troubleshooting or working through a security-related issue.

How does syslog work?

When an originating device is running the syslog daemon, device messages are generated during normal and abnormal operation based on what the application developers deemed as potentially useful. These messages can then be viewed in several forms. The first is to monitor the messages in real time on the originating device's console itself. Another method is to view the local log files that contain historical log information.

While the local log file is a quick way to view historical message events, note that on many systems, the local file has a maximum limitation on the number of log messages stored. Once that limit is reached, the oldest messages are overwritten with the newest. That means that the local file only contains the most recent logs.

However, it is often the case that administrators require looking at logs much further back in time. Thus, it is routine to use the third method of viewing logs which is to relay all logs across a network to a centralized log collection server.

The relaying of syslog messages are commonly sent over UDP port 514 or TCP 6514. The TCP method also offers the benefit of the Transport Layer Security (TLS) protocol to keep messages private. Once collected, an administrator can use a syslog viewer to view, sort and even alert on the various log messages coming in.

Syslog message components

Syslog facility codes
A list of the syslog facility codes and description names.

Each log event contains a timestamp along with the event message itself and the origin IP/domain name for identification purposes. The event is then categorized into one of eight severity levels. These levels are based on the criticality of the event according to the developer of the operating system or application in use. Each category is defined with both a numerical value and a severity name. The lower the value, the more severe the event. The scale goes from 0-7 starting with emergency and ending with debug. The different severity names, in order, are emergency, alert, critical, error, warning, notice, informational and debug.

When creating the log event, the originating device further segments the message into a logging facility code. This code categorizes messages based on which process within the overall application the message was generated. Much like the severity categorizations, the facilities are defined using a numerical value and a name. Facilities can be categorized into one of 24 different facility codes.

This was last updated in May 2019

Continue Reading About syslog

Networking
Security
  • cardholder data (CD)

    Cardholder data (CD) is any personally identifiable information (PII) associated with a person who has a credit or debit card.

  • PCI DSS merchant levels

    Payment Card Industry Data Security Standard (PCI DSS) merchant levels rank merchants based on their number of transactions per ...

  • three-factor authentication (3FA)

    Three-factor authentication (3FA) is the use of identity-confirming credentials from three separate categories of authentication ...

CIO
  • knowledge-based systems (KBSes)

    Knowledge-based systems (KBSes) are computer programs that use a centralized repository of data known as a knowledge base to ...

  • Sarbanes-Oxley Act

    The Sarbanes-Oxley Act of 2002 is a federal law that established sweeping auditing and financial regulations for public companies.

  • project charter

    A project charter is a formal short document that states a project exists and provides project managers with written authority to...

HRSoftware
  • employee engagement

    Employee engagement is the emotional and professional connection an employee feels toward their organization, colleagues and work.

  • talent pool

    A talent pool is a database of job candidates who have the potential to meet an organization's immediate and long-term needs.

  • diversity, equity and inclusion (DEI)

    Diversity, equity and inclusion is a term used to describe policies and programs that promote the representation and ...

Customer Experience
  • customer touchpoint

    A customer touchpoint is any direct or indirect contact a customer has with a brand.

  • customer service charter

    A customer service charter is a document that outlines how an organization promises to work with its customers along with ...

  • sales development representative (SDR)

    A sales development representative (SDR) is an individual who focuses on prospecting, moving and qualifying leads through the ...

Close