What is syslog in networking?
Why Interviewers Ask This
Mid-level Networking roles require deep understanding of this topic. Interviewers ask this to separate candidates who truly understand the mechanics from those who only know surface-level concepts.
Answer
Syslog is the standard protocol for sending log messages from network devices (routers, switches, firewalls, servers) to a centralized log server for storage, analysis, and alerting. It uses UDP or TCP on port 514 (TCP on 6514 for TLS-encrypted syslog). Syslog messages have a severity level (0-7): 0 Emergency, 1 Alert, 2 Critical, 3 Error, 4 Warning, 5 Notice, 6 Informational, 7 Debug. A facility code indicates the source type (kernel, mail, security, local0-7). Cisco devices: logging host 192.168.1.100; logging trap warnings sends warnings and above to the syslog server. Centralized logging is essential for: security event monitoring (SIEM integration), troubleshooting (correlate events across devices with synchronized timestamps), compliance (retain logs for audit), and capacity planning. Tools: rsyslog (Linux), Graylog, ELK Stack, Splunk. Always use NTP to ensure timestamps are synchronized across all devices for accurate log correlation.
Common Mistake
Don't just define the term — demonstrate that you understand when to use it and when not to. Showing awareness of trade-offs is what separates average from strong Networking candidates.