🌐 Networking Intermediate

What is syslog in networking?

Answer

Syslog is the standard protocol for sending log messages from network devices (routers, switches, firewalls, servers) to a centralized log server for storage, analysis, and alerting. It uses UDP or TCP on port 514 (TCP on 6514 for TLS-encrypted syslog). Syslog messages have a severity level (0-7): 0 Emergency, 1 Alert, 2 Critical, 3 Error, 4 Warning, 5 Notice, 6 Informational, 7 Debug. A facility code indicates the source type (kernel, mail, security, local0-7). Cisco devices: logging host 192.168.1.100; logging trap warnings sends warnings and above to the syslog server. Centralized logging is essential for: security event monitoring (SIEM integration), troubleshooting (correlate events across devices with synchronized timestamps), compliance (retain logs for audit), and capacity planning. Tools: rsyslog (Linux), Graylog, ELK Stack, Splunk. Always use NTP to ensure timestamps are synchronized across all devices for accurate log correlation.