| 44.8. Appendix | ||
|---|---|---|
 | Chapter 44. SYSLOG - The syslog protocol |  |
| 44.8. Appendix | ||
|---|---|---|
| | Chapter 44. SYSLOG - The syslog protocol | |
The SYSLOG protocol provides a transport to allow a machine to send event notification messages across IP networks to event message collectors.
SYSLOG messages aren't formatted, the protocol is simply designed to transport these event messages. The scenario includes:
A device which originates messages;
The SYSLOG process which may send messages to a collector;
No acknowledgement of the receipt is made.
SYSLOG uses the user datagram protocol (UDP). The UDP port that has
been assigned to SYSLOG is 514. It's recommended that
the source port also be 514.
SYSLOG protocol definitions:
Device. A machine that can generate a
message.
Relay. A machine that can receive the message
and forward it to another machine.
Collector. A machine that receives the
message and does not relay it to any other machines. This has been
commonly known as a SYSLOG server.
Sender. Any device or relay when it sends a
message.
Receiver. Any relay or collector, when it
receives the message.
The architecture of the devices may be summarized as follows:
Senders send messages to relays or collectors with no knowledge of whether it's a collector or relay.
Senders may be configured to send the same message to multiple receivers.
Relays may send all or some of the messages that they receive to a subsequent relay or collector. In the case where they do not forward all of their messages, they're acting as both a collector and a relay. In the following diagram, these devices will be designated as relays.
Relays may also generate their own messages and send them on to subsequent relays or collectors. In that case, it's acting as a device. These devices will also be designated as a relay in the following diagram.
Some possible SYSLOG architectures:
| |  | |
| 44.7. Rsyslog |  | Chapter 45. Tunneling proprietary protocols |
