Syslog

    Leo (@leo-ZJQlmh)
    Updated: Oct 11, 2024
    Views: 1.1K
Once, a program was written for sending internetwork e-mail, and that program changed the way events are logged today. It is still best known as the Sendmail program. Sendmail supports many kinds of mail transfer and delivery methods, but the most widely used is the Simple Mail Transfer Protocol (SMTP). Eric Allman, the author of the first Advanced Research Projects Agency Network (ARPANET) Delivermail program, wrote Sendmail as a derivative of Delivermail for the UNIX platform. While writing it he decided to make the program capable of sending its log messages to a remote system rather than keeping them on the system where the program was installed; the messages Sendmail sent were stored in the maillog file on the remote system. To accomplish this he created a new protocol, known as the Syslog protocol. His idea of storing log messages on a remote server was so well received that it is now used as the standard remote logging protocol.

Today the Syslog protocol is known as a protocol that allows an application, system or device to send event logs to event-collecting servers known as Syslog Servers or Syslog Daemons. In short, any application or device can be configured to send its event logs to a Syslog Daemon by generating a Syslog message. Since the protocol was developed for UNIX and first used on the Berkeley Software Distribution (BSD UNIX) platform, it is also known as BSD Syslog, and sometimes as FreeBSD Syslog, since BSD UNIX is free now. Syslog carries each message in a UDP packet, and a Syslog Server receives on port number 514 only from applications that generate properly formed Syslog messages. Note that you cannot configure a Syslog Server to ask a specific application or system for its event logs; instead you must configure the application or device to send its event logs to the server. It should be clear, then, that a Syslog Server hardly cares who is sending messages and can therefore receive messages from anyone.

A Syslog packet can never be larger than 1024 bytes and consists of only three fields: Priority (PRI), Header and Message (MSG). The PRI field is an 8-bit value whose three low-order bits carry the Severity code and whose remaining bits carry the Facility code. Recommended codes are defined, but an application may use its own. The Header section holds a Timestamp, which records the date and time at which the message was generated, and the Host-Name or IP address of the device. The MSG part contains the details of the event, usually stored in TAG and CONTENT fields, where TAG holds the name of the program, process or device and CONTENT holds the event log text.

    Criticism:
Since the protocol uses UDP packets it is unreliable: if a Syslog packet is lost in transit it can never be recovered, so some important data may be lost. Next, you cannot configure a Syslog Server to accept only specific kinds of data, so anyone can send data to the Syslog Server. Also, every application may generate its own severity and facility codes, leaving the protocol susceptible to non-uniform log messages.
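The packet layout described above (PRI, Header, MSG) and the two criticisms that follow from it (no sender filtering, non-uniform codes, and the hard 1024-byte limit) can be seen together in the following Python example. It is an added illustration, not code from the original post or from any syslog implementation. It parses a BSD-style syslog line into its fields, splits PRI into Facility and Severity (PRI = Facility x 8 + Severity, with Severity in the three low-order bits), and then applies a collector-side policy that a defender would add in front of a daemon listening on UDP 514: reject datagrams over 1024 bytes, datagrams from source addresses that are not allow-listed, and messages whose facility code is not one expected from that source. The sample datagrams, the source addresses and the policy values are all constructed for the example.

```python
import re
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Facility and severity names as defined for BSD syslog (RFC 3164).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

MAX_PACKET_BYTES = 1024   # BSD syslog packet limit mentioned in the post
SYSLOG_UDP_PORT = 514     # the well-known collector port, for reference only

# <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[pid]: CONTENT   (day may be space-padded)
_MSG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[A-Za-z0-9_.\-/]+)(?:\[(?P<pid>\d+)\])?:?\s?"
    r"(?P<content>.*)$",
    re.DOTALL,
)


@dataclass
class SyslogMessage:
    facility: int
    severity: int
    timestamp: str
    host: str
    tag: str
    pid: Optional[int]
    content: str

    @property
    def facility_name(self) -> str:
        return FACILITIES[self.facility]

    @property
    def severity_name(self) -> str:
        return SEVERITIES[self.severity]


def split_pri(pri: int) -> Tuple[int, int]:
    """Decode PRI into (facility, severity): severity is the low 3 bits, facility the rest."""
    if not 0 <= pri <= 191:          # 23 facilities x 8 severities => max 191
        raise ValueError(f"PRI {pri} out of range")
    return pri >> 3, pri & 0x7


def parse_syslog(datagram: bytes) -> SyslogMessage:
    """Parse one UDP payload into its PRI, Header and MSG parts; raise ValueError if malformed."""
    if len(datagram) > MAX_PACKET_BYTES:
        raise ValueError("packet exceeds 1024 bytes")
    m = _MSG_RE.match(datagram.decode("ascii", errors="replace"))
    if not m:
        raise ValueError("not a valid BSD syslog message")
    facility, severity = split_pri(int(m["pri"]))
    pid = int(m["pid"]) if m["pid"] else None
    return SyslogMessage(facility, severity, m["timestamp"], m["host"], m["tag"], pid, m["content"])


@dataclass
class CollectorPolicy:
    """Hypothetical per-collector policy: who may send, and which facilities are expected."""
    allowed_sources: List[ipaddress.IPv4Network]
    allowed_facilities: Set[int]


def accept(datagram: bytes, src_ip: str, policy: CollectorPolicy) -> Tuple[bool, str]:
    """Decide whether the collector should store this datagram; returns (accepted, reason)."""
    addr = ipaddress.ip_address(src_ip)
    if not any(addr in net for net in policy.allowed_sources):
        return False, f"source {src_ip} not allowlisted"
    try:
        msg = parse_syslog(datagram)
    except ValueError as exc:
        return False, str(exc)
    if msg.facility not in policy.allowed_facilities:
        return False, f"facility {msg.facility_name} not expected from {src_ip}"
    return True, f"{msg.facility_name}.{msg.severity_name} from {msg.host} ({msg.tag})"


# Constructed sample datagrams (the first is the well-known RFC 3164 illustration).
SAMPLE_OK = b"<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8"
SAMPLE_PID = b"<38>Oct  5 09:03:01 bastion sshd[4711]: Accepted publickey for deploy from 192.0.2.10"
SAMPLE_TOO_BIG = b"<13>Oct 11 22:14:15 host app: " + b"A" * 1100

# Constructed policy: only hosts in 192.0.2.0/24 may log, and only auth/authpriv facilities.
POLICY = CollectorPolicy([ipaddress.ip_network("192.0.2.0/24")], {4, 10})

if __name__ == "__main__":
    for src, dg in [("192.0.2.5", SAMPLE_OK), ("198.51.100.7", SAMPLE_OK),
                    ("192.0.2.5", SAMPLE_TOO_BIG), ("192.0.2.5", SAMPLE_PID)]:
        print(src, accept(dg, src, POLICY))
```

The policy check runs before parsing so that a datagram from an unexpected source is dropped without spending parser time on it; the facility check is the practical answer to the "non-uniform codes" criticism, since a collector can at least log and discard messages whose codes do not match what a given sender is known to emit.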