This brief (about 3 minutes) video covers the basics of the syslog protocol
The topics covered in this video are:
- Introduction to the syslog protocol including a brief history and the parts that make up the message.
- Configuration steps on Cisco IOS-based devices along with Cisco recommended best practices
Syslog is a client/server protocol. Originally developed in the 1980s by Eric Allman as part of the Sendmail project, Syslog is defined within the Syslog working group of the IETF (RFC 3164) and is supported by a wide variety of devices and receivers across multiple platforms. Although there are exceptions, Syslog can be used to integrate log data from many disparate systems into a central repository for real-time and historical analysis.
The Syslog sender sends a small (less than 1KB) text message to the Syslog receiver. The Syslog receiver is commonly called "syslogd," "Syslog daemon," or "Syslog server." Syslog messages can be sent via UDP (port 514) and/or TCP (typically, port 5000). While there are some exceptions, such as SSL wrappers, this data is typically sent in clear text over the network.
Being a connectionless protocol, UDP does not provide acknowledgments to the sender or receiver. Additionally, at the application layer, Syslog servers do not send acknowledgments back to the sender for receipt of Syslog messages. Consequently, the sending device generates Syslog messages without knowing whether the Syslog server has received the messages. In fact, the sending devices send messages even if the Syslog server does not exist; these messages get "lost" in the network.1
1For extensive information on Syslog, please refer to: http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c11-557812.html