SYSLOG Flashcards
What is syslog?
A protocol for enabling different appliances and software to transmit logs to a server.
Note: "syslog" can refer to the protocol, the server, or the log entries themselves.
What is the standard model for logging events from distributed systems called?
The Client-Server Model
What Port does syslog use?
Port 514 UDP
What is contained in a syslog message?
PRI code (Priority Code)
Header
Message Portion
What is contained in the PRI code?
The PRI code is calculated from the facility and the severity level of the event.
What is contained in the header?
The timestamp of the event and the hostname.
What is contained in the message portion?
The source process of the event and related content. Essentially, what happened, and what do we need to know?
What was the problem with the original syslog?
Because it used UDP, there were sometimes delivery problems on congested networks. It had no encryption or authentication.
What are the improvements for newer syslog?
Port 1468 TCP
Uses TLS for confidentiality
Uses MD5 or SHA-1 for authentication and integrity
What is the newer version of syslog server called?
syslog-ng or rsyslog