Syslog

Syslog

Syslog is a standard protocol used for message logging, allowing devices and applications to send log data to a central server. It provides a central repository for monitoring and analyzing logs, crucial for system management, security auditing, and troubleshooting.

Syslog RFCs

• RFC 3164: Defines the original BSD syslog protocol, outlining the format for syslog messages and the communication between devices.

• RFC 5424: Updates and extends RFC 3164 by providing a more robust message format and allowing for structured data elements.

• RFC 5425: Specifies the use of Transport Layer Security (TLS) to provide a secure transport for syslog messages.

• RFC 5426: Defines the transmission of syslog messages over UDP, maintaining compatibility with the traditional syslog transport mechanism.

• RFC 6587: Clarifies transmission of syslog messages over TCP, addressing issues with message framing and reliability.

Apica supports ingesting data from syslog senders but only via TCP as UDP is susceptible to data loss. The different syslog ports that are supported can be found below

1. 514 / 7514 (TLS) - RFC 5424 documentation / Read RFC 3164 Document

2. 515 / 7515 (TLS) - Syslog CEF

3. 516 / 7516 (TLS) - Syslog Fortinet / RFC 6587

4. 517 - Raw RCP / catch-all for non-compliant syslog / Debug