Syslog
What is Syslog?
Syslog stands for System Logging Protocol and is a standard protocol used to send system log or event messages to a specific server, called a Syslog server. It is primarily used to collect various device logs from several different machines in a central location for monitoring and review.
Syslog transmission
Traditionally, Syslog uses the UDP protocol on port 514 but can be configured to use any port. In addition, some devices will use TCP 1468 to send Syslog data to get confirmed message delivery.
Syslog packet transmission is asynchronous. What causes a Syslog message to be generated is configured within the router, switch, or server itself. Unlike other monitoring protocols, such as SNMP, there is no mechanism to poll the Syslog data. In some implementations, SNMP may be used to set or modify Syslog parameters remotely.
The Syslog message format
The Syslog message consists of three parts: PRI (a calculated priority value), HEADER (with identifying information), and MSG (the message itself).
The PRI value sent via the Syslog protocol is derived from two numeric values that help categorize the message. The first is the Facility value. This value is one of 15 predefined values, or one of the locally defined values 16 to 23. It identifies the type of message or which system generated the event.
Number | Facility description |
0 | Kernel messages |
1 | User-level messages |
2 | Mail System |
3 | System Daemons |
4 | Security/Authorization Messages |
5 | Messages generated by syslogd |
6 | Line Printer Subsystem |
7 | Network News Subsystem |
8 | UUCP Subsystem |
9 | Clock Daemon |
10 | Security/Authorization Messages |
11 | FTP Daemon |
12 | NTP Subsystem |
13 | Log Audit |
14 | Log Alert |
15 | Clock Daemon |
16 - 23 | Local Use 0 - 7 |
The second value in the PRI of a Syslog message categorizes the importance or severity of the message as a numerical code from 0 to 7.
Code | Severity | Description |
0 | Emergency | System is unusable |
1 | Alert | Action must be taken immediately |
2 | Critical | Critical conditions |
3 | Error | Error conditions |
4 | Warning | Warning conditions |
5 | Notice | Normal but significant condition |
6 | Informational | Informational messages |
7 | Debug | Debug-level messages |
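As an added example (not part of the original article or Seceon's code), the following Python sketch decodes the PRI of a received packet back into the facility and severity values from the two tables and splits off the HEADER and MSG. It assumes the encoding defined in the syslog RFCs (3164 and 5424), PRI = facility × 8 + severity, and an RFC 3164-style "timestamp hostname" HEADER; the function names and the sample packets are constructed for illustration.

```python
import re

# Facility and severity names, copied from the two tables above.
FACILITIES = [
    "Kernel messages", "User-level messages", "Mail System", "System Daemons",
    "Security/Authorization Messages", "Messages generated by syslogd",
    "Line Printer Subsystem", "Network News Subsystem", "UUCP Subsystem",
    "Clock Daemon", "Security/Authorization Messages", "FTP Daemon",
    "NTP Subsystem", "Log Audit", "Log Alert", "Clock Daemon",
] + [f"Local Use {n}" for n in range(8)]
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]

# PRI: 1-3 decimal digits in angle brackets at the very start of the packet.
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)
# Assumed RFC 3164-style HEADER: "Mmm dd hh:mm:ss" timestamp, then a hostname.
HEADER_RE = re.compile(r"^([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.DOTALL)

def parse_syslog(raw: bytes) -> dict:
    """Split one packet into PRI, HEADER and MSG; reject a missing or invalid PRI."""
    text = raw.decode("utf-8", errors="replace").rstrip("\r\n")
    m = PRI_RE.match(text)
    if not m or int(m.group(1)) > 191:      # 23 * 8 + 7 = 191 is the largest valid PRI
        raise ValueError("missing or out-of-range PRI")
    pri = int(m.group(1))
    facility, severity = divmod(pri, 8)     # inverse of facility * 8 + severity
    rec = {"pri": pri, "facility": facility, "severity": severity,
           "facility_name": FACILITIES[facility], "severity_name": SEVERITIES[severity],
           "timestamp": None, "host": None, "msg": m.group(2)}
    h = HEADER_RE.match(m.group(2))
    if h:                                   # some senders omit the HEADER entirely
        rec["timestamp"], rec["host"], rec["msg"] = h.groups()
    return rec

def needs_attention(rec: dict, threshold: int = 3) -> bool:
    """True for severity codes at or below the threshold (Error or worse by default)."""
    return rec["severity"] <= threshold

# Constructed sample packets, not captured from a real device.
SAMPLES = [
    b"<38>Mar  3 09:15:02 fw01 sshd[811]: Failed password for invalid user admin",
    b"<11>Mar  3 09:15:07 app02 backup: disk write failed",
    b"<165>no header here",
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        rec = parse_syslog(pkt)
        print(rec["pri"], rec["facility_name"], rec["severity_name"], needs_attention(rec))
```

Rejecting packets without a valid PRI keeps malformed or non-syslog traffic arriving on the collector port out of the parsed log stream.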
Seceon Inc. All rights reserved. https://www.seceon.com