Syslog
syslog is a de facto standard for forwarding log messages in an IP network. The term "syslog" is used both for the syslog protocol itself and for the application or library that sends syslog messages. The protocol is very simple: the syslog sender transmits a small textual message (less than 1024 bytes) to the syslog receiver, commonly called "syslogd", the "syslog daemon" or the "syslog server". Syslog messages are sent via UDP and carry the message in cleartext, so the protocol by itself provides no confidentiality, integrity or delivery guarantee. Syslog is typically used for computer system management and security auditing. While it has a number of shortcomings, its big plus is that syslog is supported by a wide variety of devices and receivers. Because of this, syslog can be used to integrate log data from many different types of systems into a central repository.
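The message format described above is specified in RFC 3164 (cited below): a datagram of at most 1024 bytes beginning with a PRI field "<n>" where n = facility * 8 + severity, followed by a timestamp, a hostname and the free-text message. The following receiver-side parser is an added example written for this article, not code from any syslog implementation; the sample datagrams, the host names and the source address in it are constructed. It enforces the size limit, applies the RFC 3164 rule that a missing or invalid PRI is treated as <13> (user.notice), and keeps the self-reported hostname separate from the address the datagram actually arrived from, since nothing in a cleartext UDP datagram authenticates the sender.

```python
"""Minimal receiver-side parser for RFC 3164 style syslog datagrams (added example)."""
import re
import socket
from dataclasses import dataclass
from typing import Optional

MAX_SYSLOG_LEN = 1024  # the "less than 1024 bytes" bound described in the article

# Facility and severity names from the RFC 3164 code tables.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

DEFAULT_PRI = 13  # RFC 3164: use <13> (user.notice) when PRI is missing or invalid

_PRI_RE = re.compile(r"^<(\d{1,3})>")
# TIMESTAMP is "Mmm dd hh:mm:ss" (day padded with a space), then HOSTNAME, then MSG.
_HEADER_RE = re.compile(r"^([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.DOTALL)


@dataclass
class SyslogMessage:
    facility: int
    severity: int
    timestamp: Optional[str]  # self-reported by the sender, may be absent
    hostname: Optional[str]   # self-reported by the sender, not authenticated
    source_addr: str          # where the UDP datagram actually came from
    msg: str
    pri_defaulted: bool       # True if PRI was missing/invalid and <13> was assumed

    @property
    def facility_name(self) -> str:
        return FACILITIES[self.facility]

    @property
    def severity_name(self) -> str:
        return SEVERITIES[self.severity]


def parse_syslog(datagram: bytes, source_addr: str = "0.0.0.0") -> SyslogMessage:
    """Split one cleartext UDP datagram into its PRI, HEADER and MSG parts."""
    if len(datagram) > MAX_SYSLOG_LEN:
        raise ValueError(f"datagram of {len(datagram)} bytes exceeds {MAX_SYSLOG_LEN}")
    # Cleartext on the wire: decoding is the only step between bytes and content.
    text = datagram.decode("ascii", errors="replace")

    m = _PRI_RE.match(text)
    pri = int(m.group(1)) if m else -1
    defaulted = not (0 <= pri <= 191)  # facility 0..23 times 8, plus severity 0..7
    if defaulted:
        pri = DEFAULT_PRI
    # With a valid PRI the header follows it; otherwise the whole datagram is content.
    rest = text[m.end():] if (m and not defaulted) else text

    h = _HEADER_RE.match(rest)
    timestamp, hostname, msg = (h.group(1), h.group(2), h.group(3)) if h else (None, None, rest)
    return SyslogMessage(pri // 8, pri % 8, timestamp, hostname, source_addr, msg, defaulted)


def format_syslog(facility: int, severity: int, timestamp: str, hostname: str, msg: str) -> bytes:
    """Build a sender-side datagram, refusing anything over the size limit."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility or severity out of range")
    data = f"<{facility * 8 + severity}>{timestamp} {hostname} {msg}".encode("ascii")
    if len(data) > MAX_SYSLOG_LEN:
        raise ValueError("message too long for a syslog datagram")
    return data


if __name__ == "__main__":
    # Loopback demonstration: send one constructed datagram over UDP and parse it.
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx.sendto(format_syslog(4, 2, "Jan  5 09:12:45", "host1", "sshd[2211]: example line"),
              rx.getsockname())
    data, (addr, _port) = rx.recvfrom(MAX_SYSLOG_LEN + 1)
    parsed = parse_syslog(data, addr)
    print(f"{parsed.facility_name}.{parsed.severity_name} from {parsed.source_addr}"
          f" (claims to be {parsed.hostname}): {parsed.msg}")
```

The `source_addr` field is the only piece of the record the receiver learns from the transport rather than from the sender's own text; a collector that indexes logs by the hostname inside the message should also keep the real source address so that a mismatch can be noticed.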
History
Syslog was developed by Eric Allman as part of the Sendmail project. Initially it was designed and used for Sendmail only, but it proved so valuable that other applications began to use syslog too. Today (2005), syslog is the standard logging solution on Unix and Linux systems, and syslog implementations also exist for other operating systems such as Microsoft Windows. Interestingly, syslog was not standardized until recently. In an effort to improve its security, the Internet Engineering Task Force formed a working group. In 2001, the status quo was documented in RFC 3164. Since then, new additions to syslog have been worked on. A formal specification and standardization of message content and transport layer mechanisms is scheduled for 2005.
Outlook
There is growing interest in syslog and new applications for it. Recently, syslog has been standardized or recommended for a number of auditing applications, for example in health care (IHE) and in formalized network management.
Related RFCs
RFC 3164 - The BSD Syslog Protocol
RFC 3195 - Reliable Delivery for syslog
External links
IETF syslog working group