
syslog

Syslog is an IETF RFC 5424 standard protocol for computer logging and collection that is popular in Unix-like systems, including servers, networking equipment and IoT devices. The log messages generated by a device create a record of events that occur on the operating system or application. The purpose of the message is to give administrators information about important events, health status and other normal or abnormal happenings that can prove useful when troubleshooting or working through a security-related issue.

How does syslog work?

When an originating device is running the syslog daemon, messages are generated during normal and abnormal operation based on what the application developers deemed potentially useful. These messages can then be viewed in several ways. The first is to monitor the messages in real time on the originating device's own console. Another is to view the local log files, which contain historical log information.

While the local log file is a quick way to view historical events, note that on many systems the local file has a maximum limit on the number of log messages stored. Once that limit is reached, the oldest messages are overwritten by the newest, so the local file only contains the most recent logs.

However, administrators often need to look at logs from much further back in time. Thus, it is routine to use the third method of viewing logs, which is to relay all logs across a network to a centralized log collection server.

Syslog messages are commonly relayed over UDP port 514 or TCP port 6514. The TCP method also offers the benefit of the Transport Layer Security (TLS) protocol to keep messages private. Once collected, an administrator can use a syslog viewer to view, sort and even alert on the various log messages coming in.

Syslog message components

[Figure: Syslog facility codes. A list of the syslog facility codes and description names.]

Each log event contains a timestamp, the event message itself and the origin IP address or domain name for identification purposes. The event is then categorized into one of eight severity levels, based on the criticality of the event as judged by the developer of the operating system or application in use. Each level is defined with both a numerical value and a severity name; the lower the value, the more severe the event. The scale runs from 0 to 7, starting with emergency and ending with debug. The severity names, in order, are emergency, alert, critical, error, warning, notice, informational and debug.

When creating the log event, the originating device further tags the message with a logging facility code. This code categorizes messages according to which process within the overall system generated the message. Much like the severity levels, facilities are defined using a numerical value and a name. Messages can be categorized into one of 24 different facility codes.
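As an added example (not code from the original page), the following Python parser decodes RFC 5424 messages into the facility and severity levels described above and flags events at critical severity or worse, which is the kind of check a central log collector would run. The facility short names, the sample messages and the needs_attention helper are my own construction.

```python
import re
from dataclasses import dataclass

# Severity names in RFC 5424 order: code 0 is the most severe, 7 the least.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]
# The 24 facility codes (0-23) from RFC 5424; short names follow common syslog usage.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]

# HEADER: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then SD and MSG.
_HEADER = re.compile(r"^<(?P<pri>\d{1,3})>(?P<ver>\d) (?P<ts>\S+) (?P<host>\S+) "
                     r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)$")
# STRUCTURED-DATA is "-" or one or more [...] elements; a "]" inside is escaped as "\]".
_SD_THEN_MSG = re.compile(r"^(?:-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (?P<msg>.*))?$")

@dataclass
class SyslogEvent:
    facility: str
    severity: str
    severity_code: int
    timestamp: str
    host: str
    app: str
    msg: str

def parse_rfc5424(line: str) -> SyslogEvent:
    # PRI encodes both categories: PRI = facility * 8 + severity.
    m = _HEADER.match(line)
    if not m:
        raise ValueError(f"not an RFC 5424 message: {line!r}")
    pri = int(m["pri"])
    if pri > 23 * 8 + 7:                      # 191 is the largest legal PRI
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    sd = _SD_THEN_MSG.match(m["rest"])
    if not sd:
        raise ValueError("malformed STRUCTURED-DATA")
    return SyslogEvent(FACILITIES[facility], SEVERITIES[severity], severity,
                       m["ts"], m["host"], m["app"], sd["msg"] or "")

def needs_attention(lines, max_severity=2):
    # Events at the given severity or worse (default: critical, alert, emergency).
    return [e for e in map(parse_rfc5424, lines) if e.severity_code <= max_severity]

# Constructed sample messages (not captured from a real device), in RFC 5424 layout.
SAMPLE = [
    '<34>1 2024-05-01T10:00:00Z host1 sshd 4242 ID1 - authentication failed',
    '<165>1 2024-05-01T10:00:01Z host1 app 77 ID2 [ex@32473 iut="3"] service started',
    '<13>1 2024-05-01T10:00:02Z host2 cron - - -',
]
```

Running `needs_attention(SAMPLE)` returns only the first message, whose PRI 34 decodes to facility 4 (auth) and severity 2 (critical).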

This was last updated in May 2019
