|
syslog is a standard for forwarding log messages in an IP network. The term "syslog" is often used for both the actual syslog protocol, as well as the application or library sendingsyslog messages. The syslog protocol is a very simplistic protocol: the syslog sender sends a small textual message (less than 1024 bytes) to the syslog receiver. The receiver is commonly called "syslogd", "syslog daemon" or "syslog server". Syslog messages can be sent via UDP and/or TCP. Often the data is sent in cleartext, however, an SSL wrapper such as Stunnel, sslio or sslwrap can be used to provide for a layer of encryption through SSL/TLS. Syslog is typically used for computer system management and security auditing. While it has a number of shortcomings, syslog is supported by a wide variety of devices and receivers across multiple platforms. Because of this, syslog can be used to integrate log data from many different types of systems into a central repository.
History Syslog was developed in the 1980s by Eric Allman as part of the Sendmail project, and was initially used solely for Sendmail. It proved so valuable, however, that other applications began using it as well. Syslog has since become the standard logging solution on Unix and Linux systems. There likewise exist a variety of syslog implementations on other operating systems such as Microsoft Windows. Until recently, Syslog functioned as a de facto standard, without any authoritative published specification, and many implementations existed (some of which were incompatible with others). In an effort to improve its security, the Internet Engineering Task Force implemented a working group. In 2001, the status quo was documented in RFC 3164. Since then, new additions to syslog have been worked on. A formal specification and standardiziation of message content and transport layer mechanisms is scheduled for 2005. Outlook Interest in syslog continues to grow. Various groups are working on draft standards detailing the use of syslog for more than just network and security event logging, such as its proposed application within the health care environment (IHE). However, standardization initiatives have been stalled because of a syslog-related patent application filed by Huawei Technologies Co., Ltd. of Shenzhen, China on June 20, 2006. See also Implementations Related RFCs | ||||||||
|
| |||||||||
 |
|
| |