Syslog Basics

This brief (about 3 minutes) video covers the basics of the syslog protocol.

The topics covered in this video are:

  • Introduction to the syslog protocol including a brief history and the parts that make up the message.
  • Configuration steps on Cisco IOS-based devices, along with Cisco recommended best practices.


Syslog is a client/server protocol. Originally developed in the 1980s by Eric Allman as part of the Sendmail project, Syslog is documented by the Syslog working group of the IETF (RFC 3164) and is supported by a wide variety of devices and receivers across multiple platforms. With few exceptions, Syslog can be used to integrate log data from many disparate systems into a central repository for real-time and historical analysis.


The Syslog sender sends a small (less than 1 KB) text message to the Syslog receiver. The Syslog receiver is commonly called "syslogd," "Syslog daemon," or "Syslog server." Syslog messages can be sent via UDP (port 514) and/or TCP (typically port 5000). While there are some exceptions, such as SSL wrappers, this data is typically sent in clear text over the network.


Being a connectionless protocol, UDP does not provide acknowledgments to the sender or receiver. Additionally, at the application layer, Syslog servers do not send acknowledgments back to the sender for receipt of Syslog messages. Consequently, the sending device generates Syslog messages without knowing whether the Syslog server has received them. In fact, the sending devices send messages even if the Syslog server does not exist; these messages simply get "lost" in the network.[1]
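The parts of a syslog message mentioned above (the PRI header encoding facility and severity, then timestamp, hostname, tag and content as laid out in RFC 3164), shown as an added Python example that is not from the original page or video: it decodes a received line into its fields and builds one in the other direction. The sample log line, host names and the 1024-byte size check are constructed assumptions for the demonstration.

```python
"""Parse and build RFC 3164 (BSD-style) syslog messages.

Added example, not from the original article.  Format assumed:
    <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[pid]: content
where PRI = facility * 8 + severity (RFC 3164 section 4.1).
"""
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]

# Loose approximation of the RFC 3164 layout; TAG is read up to the first ':', '[' or space.
_RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[ ]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<content>.*)$"
)

def parse_syslog(raw):
    """Split one syslog line into named fields; raises ValueError on malformed input."""
    if len(raw.encode("utf-8")) > 1024:          # RFC 3164 caps a packet at 1024 bytes
        raise ValueError("message exceeds 1024 bytes")
    m = _RFC3164.match(raw)
    if not m:
        raise ValueError("not an RFC 3164 message: %r" % raw)
    pri = int(m.group("pri"))
    if pri > 191:                                # 23 facilities * 8 + 7 is the largest valid PRI
        raise ValueError("PRI out of range: %d" % pri)
    facility, severity = divmod(pri, 8)
    return {
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "tag": m.group("tag"),
        "pid": int(m.group("pid")) if m.group("pid") else None,
        "content": m.group("content"),
    }

def build_syslog(facility, severity, timestamp, host, tag, content):
    """Sender side: compute PRI from facility/severity names and assemble the line."""
    pri = FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)
    return "<%d>%s %s %s: %s" % (pri, timestamp, host, tag, content)

# Constructed sample: auth.info (PRI 4*8+6 = 38) from an assumed host "bastion01".
SAMPLE = "<38>Feb  3 14:07:55 bastion01 sshd[1042]: Failed password for invalid user admin from 203.0.113.9 port 51122 ssh2"
```

Because the transport carries these fields in clear text with no acknowledgment, a collector should treat the parsed hostname and content as untrusted input rather than as proof of origin.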


[1] For extensive information on Syslog, please refer to: http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c11-557812.html