Syslog

Syslog is an industry standard method for devices to record and report events that they perform or situations they encounter (see RFC 5424). Most network devices, such as routers, switches, firewalls, and hosts, are capable of producing a stream of syslog messages that can be sent to a central location for processing and/or storage. Devices can typically be configured for lower reporting levels (fewer messages) or higher reporting levels (more messages). You will need to consider what type of syslog messages you are interested in from each type of device and configure those devices appropriately.


Every syslog message should follow the format in the RFC, so some basic filtering can be performed at the syslog server level without undue difficulty. It is important to note, however, that beyond the basic header information in a syslog message every vendor is free to format the message body as it chooses, leading to syslog messages that say the same thing very differently.
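The header/body split described above is what makes server-side filtering practical. As an added example (not code from the original page), the following parses the standardized RFC 5424 header, leaves the vendor-defined MSG opaque, and filters a constructed sample stream by severity; the device names and messages in SAMPLE are made up for illustration.

```python
import re
from dataclasses import dataclass
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG].
# Absent fields are the NILVALUE "-"; SD params with an escaped "]" are not handled.
_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) (?P<timestamp>\S+) (?P<hostname>\S+) "
    r"(?P<appname>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+)(?: (?P<msg>.*))?$"
)

@dataclass
class SyslogMessage:
    facility: int
    severity: int
    hostname: str
    appname: str
    structured_data: str
    msg: str  # vendor-defined free text, deliberately left opaque

def parse_rfc5424(line: str) -> SyslogMessage:
    """Parse the vendor-independent header; raise ValueError on malformed input."""
    m = _HEADER.match(line)
    if not m:
        raise ValueError(f"not an RFC 5424 message: {line!r}")
    pri = int(m["pri"])
    if pri > 191:  # PRI = 8*facility + severity, facility 0..23, severity 0..7
        raise ValueError(f"PRI out of range: {pri}")
    return SyslogMessage(pri >> 3, pri & 7, m["hostname"], m["appname"], m["sd"],
                         m["msg"] or "")

def keep_at_least(lines, max_severity: int):
    """Server-side filter: keep messages at max_severity or more severe (lower number).
    Malformed lines are skipped so one bad sender cannot stall the collector."""
    kept = []
    for line in lines:
        try:
            msg = parse_rfc5424(line)
        except ValueError:
            continue
        if msg.severity <= max_severity:
            kept.append(msg)
    return kept

# Constructed sample stream (not real device output): local0.err, local7.info, non-syslog.
SAMPLE = [
    '<131>1 2024-05-01T12:00:00Z fw1 fwd 1234 - [meta seq="1"] connection denied',
    "<190>1 2024-05-01T12:00:01Z rtr1 - - - -",
    "garbage that is not syslog",
]
```

Calling `keep_at_least(SAMPLE, SEVERITY.index("err"))` keeps only the firewall message; raising the threshold to "info" keeps the router line as well, while the non-syslog line is always dropped.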


More information can be found in IETF RFC 5424.
