SYSLOG Flashcards

1
Q

What is syslog?

A

A protocol for enabling different appliances and software to transmit logs to a server.

Note: syslog can refer to the protocol, the server, or the log entries themselves.

2
Q

What is the standard for logging events from distributed systems called?

A

The Client-Server Model

3
Q

What port does syslog use?

A

Port 514 UDP

4
Q

What is contained in a syslog message?

A

PRI code (Priority Code)
Header
Message Portion

5
Q

What is contained in the PRI code?

A

The PRI code is calculated from the facility and severity level of the data.

6
Q

What is contained in the header?

A

The time-stamp of the event and hostname.

7
Q

What is contained in the message portion?

A

The source process of the event and related content. Essentially, what happened, and what do we need to know?

8
Q

What was the problem with the original syslog?

A

Because it used UDP, there were sometimes delivery problems on congested networks. It also had no encryption or authentication.

9
Q

What are the improvements for newer syslog?

A

Port 1468 TCP
Uses TLS for confidentiality
Uses MD-5 or SHA-1 for authentication and integrity

10
Q

What is the newer version of the syslog server called?

A

syslog-ng or rsyslog
