Browse Definitions :
Definition

syslog

Syslog is an IETF RFC 5424 standard protocol for computer logging and collection that is popular in Unix-like systems including servers, networking equipment and IoT devices. The log messages generated by a device creates a record of events that occur on the operating system or application. The purpose of the message is to provide administrators with information regarding important events, health information and other normal or abnormal happenings that could prove useful when troubleshooting or working through a security-related issue.

How does syslog work?

When an originating device is running the syslog daemon, device messages are generated during normal and abnormal operation based on what the application developers deemed as potentially useful. These messages can then be viewed in several forms. The first is to monitor the messages in real time on the originating device's console itself. Another method is to view the local log files that contain historical log information.

While the local log file is a quick way to view historical message events, note that on many systems, the local file has a maximum limitation on the number of log messages stored. Once that limit is reached, the oldest messages are overwritten with the newest. That means that the local file only contains the most recent logs.

However, it is often the case that administrators require looking at logs much further back in time. Thus, it is routine to use the third method of viewing logs which is to relay all logs across a network to a centralized log collection server.

The relaying of syslog messages are commonly sent over UDP port 514 or TCP 6514. The TCP method also offers the benefit of the Transport Layer Security (TLS) protocol to keep messages private. Once collected, an administrator can use a syslog viewer to view, sort and even alert on the various log messages coming in.

Syslog message components

Syslog facility codes
A list of the syslog facility codes and description names.

Each log event contains a timestamp along with the event message itself and the origin IP/domain name for identification purposes. The event is then categorized into one of eight severity levels. These levels are based on the criticality of the event according to the developer of the operating system or application in use. Each category is defined with both a numerical value and a severity name. The lower the value, the more severe the event. The scale goes from 0-7 starting with emergency and ending with debug. The different severity names, in order, are emergency, alert, critical, error, warning, notice, informational and debug.

When creating the log event, the originating device further segments the message into a logging facility code. This code categorizes messages based on which process within the overall application the message was generated. Much like the severity categorizations, the facilities are defined using a numerical value and a name. Facilities can be categorized into one of 24 different facility codes.

This was last updated in May 2019

Continue Reading About syslog

Networking
  • firewall as a service (FWaaS)

    Firewall as a service (FWaaS), also known as a cloud firewall, is a service that provides cloud-based network traffic analysis ...

  • private 5G

    Private 5G is a wireless network technology that delivers 5G cellular connectivity for private network use cases.

  • NFVi (network functions virtualization infrastructure)

    NFVi (network functions virtualization infrastructure) encompasses all of the networking hardware and software needed to support ...

Security
  • virus (computer virus)

    A computer virus is a type of malware that attaches itself to a program or file. A virus can replicate and spread across an ...

  • Certified Information Security Manager (CISM)

    Certified Information Security Manager (CISM) is an advanced certification that indicates that an individual possesses the ...

  • cryptography

    Cryptography is a method of protecting information and communications using codes, so that only those for whom the information is...

CIO
  • IT project management

    IT project management is the process of planning, organizing and delineating responsibility for the completion of an ...

  • chief financial officer (CFO)

    A chief financial officer (CFO) is the corporate title for the person responsible for managing a company's financial operations ...

  • chief strategy officer (CSO)

    A chief strategy officer (CSO) is a C-level executive charged with helping formulate, facilitate and communicate an ...

HRSoftware
  • HR automation

    Human resources automation (HR automation) is a method of using software to automate and streamline repetitive and laborious HR ...

  • compensation management

    Compensation management is the discipline and process for determining employees' appropriate pay and benefits.

  • HR technology (human resources tech)

    HR technology (human resources technology) is an umbrella term for hardware and software used to automate the human resource ...

Customer Experience
  • martech (marketing technology)

    Martech (marketing technology) refers to the integration of software tools, platforms, and applications designed to streamline ...

  • transactional marketing

    Transactional marketing is a business strategy that focuses on single, point-of-sale transactions.

  • customer profiling

    Customer profiling is the detailed and systematic process of constructing a clear portrait of a company's ideal customer by ...

Close