What is Syslog?

Syslog is a standard protocol (IETF RFC 5424, RFC 3164) for computer logging and collection that is popular in Unix-like systems including servers, networking equipment, and IoT devices. The log messages generated by a device create a record of events that occur on the operating system or application. The purpose of the message is to provide administrators with information regarding important events, health information, and other normal or abnormal happenings that could prove useful when troubleshooting or working through a security-related issue.

Essentially, you receive logs from a Vutlan monitoring device on a separate centralized log collection server. This server is created and managed by your system administrator and can be located inside or outside your facility.

How does syslog work?

When a Vutlan monitoring system is running the syslog daemon, system messages are generated and sent to a centralized log collection server.

Syslog messages are commonly relayed over UDP port 514 or TCP port 6514. The TCP method also offers the benefit of the Transport Layer Security (TLS) protocol to keep messages private. Once collected, an administrator can use a syslog viewer to view, sort, and even alert on the various log messages coming in.

Syslog message components

Each log event contains a timestamp along with the event message itself and the origin IP/domain name for identification purposes.

The event is then categorized into one of eight severity levels.

| VALUE | SEVERITY | KEYWORD | DESCRIPTION | EXAMPLES |
|---|---|---|---|---|
| 0 | Emergency | emerg | System is unusable | This level should not be used by applications. |
| 1 | Alert | alert | Should be corrected immediately | Loss of the primary ISP connection. |
| 2 | Critical | crit | Critical conditions | A failure in the system's primary application. |
| 3 | Error | err | Error conditions | An application has exceeded its file storage limit and attempts to write are failing. |
| 4 | Warning | warning | May indicate that an error will occur if action is not taken. | A non-root file system has only 2GB remaining. |
| 5 | Notice | notice | Events that are unusual, but not error conditions. | |
| 6 | Informational | info | Normal operational messages that require no action. | An application has started, paused or ended successfully. |
| 7 | Debug | debug | Information useful to developers for debugging the application. | |
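How a collection server can recover the severity from a received message and pick out the entries that need attention, as an added example (not Vutlan's code). It relies on the leading `<PRI>` field defined in RFC 3164 and RFC 5424, where PRI = facility * 8 + severity; the function names and the sample messages are constructed for illustration.

```python
import re

# Severity keywords indexed by value, as in the severity table.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# A syslog message starts with "<PRI>", PRI = facility * 8 + severity.
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def decode(line):
    """Return (facility, severity_value, keyword, rest), or None if malformed."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI: facility 23 * 8 + severity 7
        return None
    facility, severity = divmod(pri, 8)
    return facility, severity, SEVERITIES[severity], m.group(2)


def triage(lines, threshold="warning"):
    """Split lines into (urgent, malformed). A lower value is more severe."""
    limit = SEVERITIES.index(threshold)
    urgent, malformed = [], []
    for line in lines:
        rec = decode(line)
        if rec is None:
            malformed.append(line)  # hold for review instead of dropping silently
        elif rec[1] <= limit:
            urgent.append((rec[2], rec[3]))
    return urgent, malformed


# Constructed sample messages (not real device output).
SAMPLE = [
    "<134>Oct 11 22:14:15 device01 app: application started",
    "<132>Oct 11 22:15:02 device01 fs: 2GB remaining on /data",
    "<129>1 2024-10-11T22:16:00Z device01 net - - - primary ISP link lost",
    "<999>bogus priority",
    "no priority header at all",
]

if __name__ == "__main__":
    urgent, malformed = triage(SAMPLE)
    for keyword, rest in urgent:
        print(f"[{keyword}] {rest}")
    print(f"{len(malformed)} malformed line(s) held for review")
```

Lines that fail to decode are kept in a separate list because a collector listening on UDP port 514 accepts input from any sender that can reach it, and unparseable input is worth reviewing.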

 

Configure Syslog

To configure the export of logs do the following:

...