SYSLOG, Do I need this beast?

binarysoul Member Posts: 993
I know the basics of syslog, but I can't figure out why I need it.

Would you please tell me how you use it, on which platform and why you find it useful?

Sometimes in the boardroom, there is a mention of syslog and I sound like a deer caught in the headlights :P

Comments

  • dtlokee Member Posts: 2,378
    It's a very basic client/server message logging function. It can be used for centralized collection of messages (from routers, switches, firewalls and other devices that produce them) to allow you to watch over a network without needing to check each device individually. Another option is SNMP which is more complex and offers more detail than syslog.

    Looking at a Cisco router, configuring syslog to a server is easy:

    logging 10.1.1.1
    logging on

    Now it will send copies of the messages to the server (these are usually displayed on the console only).
    The only easy day was yesterday!
  • rossonieri#1 Member Posts: 799
    binarysoul wrote:
    I know the basics of syslog, but I can't figure out why I need it.

    Would you please tell me how you use it, on which platform and why you find it useful?

    Sometimes in the boardroom, there is a mention of syslog and I sound like a deer caught in the headlights :P

    Well - at my work, syslog has let me stop watching closely over all the running devices, from computers to temperature sensors, elevators, etc. They send their critical logs via SMS - get someone to fix them - and it is easier to audit.

    HTH.
    the More I know, that is more and More I don't know.
  • Ahriakin Member Posts: 1,799
    Syslog is very useful for traffic analysis and error detection. The exact format varies from device to device, but essentially it transmits Device ID, Timestamp, Facility (for sorting), Severity and other miscellaneous details - e.g. a PIX/ASA will include source and destination IP/Ports and if/what ACL blocked the packet. At its simplest I have the 2 top severities set to go to the Syslog daemon on the ASA GUI (ASDM) so I can quickly see the most serious stuff (I also set custom current malware port/block rules into these severities so I know straight away if we have the start of an infection). On the other end of the scale the same device forwards informational level syslog (way too much to read for a human) to the Adventnet Firewall Analyzer, which then dissects the messages and processes them into an easily viewable traffic flow.
    As the guys mentioned though, it's not really intended as a resource/health monitor.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
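As an added illustration of what the posts above describe (this is example code written for this page, not code from any poster, Cisco, or AdventNet): a small collector-side parser that decodes the syslog PRI header into facility and severity, pulls source/destination IP:port endpoints out of an ASA-style message body, and routes the two highest severities into a separate "urgent" bucket while everything else goes to a "bulk" bucket for an analyzer. The sample lines are constructed, and the ASA message texts are approximations, not real captures.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
# Constructed sample lines in BSD-syslog (RFC 3164) framing, roughly what an ASA
# forwards to a collector: facility local4 (20), so PRI = 20*8 + severity.
SAMPLE_LINES = [
    "<163>Apr 10 12:00:01 fw01 %ASA-3-710003: TCP access denied by ACL from 198.51.100.7/4432 to outside:203.0.113.5/445",
    "<166>Apr 10 12:00:02 fw01 %ASA-6-302013: Built outbound TCP connection 12345 for outside:203.0.113.9/443 (203.0.113.9/443) to inside:10.0.0.5/51022 (10.0.0.5/51022)",
    "<161>Apr 10 12:00:03 fw01 %ASA-1-105043: Failover interface failed",
    "garbage line without a PRI header",
]
HEADER_RE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")
IPPORT_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})/(\d+)")

@dataclass
class SyslogEvent:
    facility: int
    severity: int  # 0 = emergency ... 7 = debug
    timestamp: str
    host: str
    message: str
    src: Optional[Tuple[str, int]] = None
    dst: Optional[Tuple[str, int]] = None

def parse_line(line: str) -> Optional[SyslogEvent]:
    """Decode PRI into facility/severity and pull IP/port endpoints out of the body."""
    m = HEADER_RE.match(line)
    if not m:
        return None  # malformed or non-syslog input: skip it rather than crash the collector
    pri = int(m["pri"])
    if pri > 191:
        return None  # PRI = facility*8 + severity, and facility is at most 23
    ev = SyslogEvent(pri // 8, pri % 8, m["ts"], m["host"], m["msg"])
    # Unique endpoints in order of appearance; the ASA repeats the mapped
    # address in parentheses, so dedupe before taking source and destination.
    pairs = list(dict.fromkeys((ip, int(port)) for ip, port in IPPORT_RE.findall(m["msg"])))
    if len(pairs) >= 2:
        ev.src, ev.dst = pairs[0], pairs[1]
    return ev

def route(lines: List[str], urgent_max_severity: int = 1) -> Dict[str, List[SyslogEvent]]:
    """Severities 0..urgent_max_severity go to the quick 'urgent' view; the rest is 'bulk' for an analyzer."""
    out: Dict[str, List[SyslogEvent]] = {"urgent": [], "bulk": []}
    for ev in filter(None, map(parse_line, lines)):
        out["urgent" if ev.severity <= urgent_max_severity else "bulk"].append(ev)
    return out

if __name__ == "__main__":
    for bucket, events in route(SAMPLE_LINES).items():
        print(bucket, [(ev.severity, ev.host, ev.src, ev.dst) for ev in events])
```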