System Logging Protocol (Syslog) is a way network devices can use a standard message format to
communicate with a logging server.
It was designed specifically to make it easy to monitor network devices.
Devices can use a Syslog agent to send out notification messages under a wide range of specific
conditions.

Syslog transmission
Traditionally, Syslog uses the UDP protocol on port 514 but can be configured to use any port. In
addition, some devices will use TCP 1468 to send syslog data to get confirmed message delivery.
Syslog packet transmission is asynchronous.
What causes a syslog message to be generated is configured within the router, switch, or server itself.
Unlike other monitoring protocols, such as SNMP, there is no mechanism to poll the syslog data.
In some implementations, SNMP may be used to set or modify syslog parameters remotely.
The syslog message consists of three parts: PRI (a calculated priority value), HEADER (with identifying
information), and MSG (the message itself).
The PRI data sent via the syslog protocol comes from two numeric values that help categorize the
message.
The first is the Facility value. This value is one of 15 predefined values or, in the case of 16 to 23,
one of various locally defined values. These values categorize the type of message or which system
generated the event.
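
The three-part layout and the Facility value described above, as an added example that is not part of the original document: a Python parser that splits a BSD-style (RFC 3164) datagram into PRI, HEADER and MSG and decodes the PRI. It assumes the second PRI value is the severity (PRI = facility × 8 + severity, per RFC 3164); the function name, facility short names and sample message are constructed for illustration.

```python
import re

# Facility codes: 0-15 are the predefined ones, 16-23 are local0..local7.
# Short names are conventional labels chosen for this example.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "ntp", "audit",
              "alert", "clock"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice",
              "info", "debug"]

# BSD-style layout: <PRI>, then HEADER (timestamp, hostname), then MSG.
FRAME = re.compile(
    r"<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)",
    re.DOTALL,
)

# Constructed sample datagram (hostname and address are made up).
SAMPLE = (b"<34>Oct 11 22:14:15 edge-rtr01 "
          b"sshd[812]: Failed password for admin from 192.0.2.10")


def parse_syslog(datagram: bytes) -> dict:
    """Split one datagram into PRI, HEADER and MSG; reject malformed PRI."""
    text = datagram.decode("utf-8", errors="replace")
    m = FRAME.fullmatch(text)
    if m is None:
        raise ValueError("not a <PRI>HEADER MSG frame")
    digits = m["pri"]
    pri = int(digits)
    # UDP syslog is unauthenticated, so never trust the sender's PRI:
    # valid values are 0..191 (facility 0-23, severity 0-7), no leading zeros.
    if pri > 191 or (len(digits) > 1 and digits.startswith("0")):
        raise ValueError(f"invalid PRI {digits!r}")
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    return {
        "pri": pri,
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "timestamp": m["ts"],
        "host": m["host"],
        "msg": m["msg"],
    }


if __name__ == "__main__":
    print(parse_syslog(SAMPLE))
```

A collector that rejects or flags frames failing these checks, rather than guessing a facility, keeps malformed or spoofed datagrams from being filed under a trusted category.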