Most networks of any size need some system for storing and managing their log files. Most network devices produce logs, and many of those logs contain useful information. Without a way of analysing and reporting on that data, however, log collection simply becomes another system administration chore with little or no benefit.
One of the oldest methods of centralising these system messages and logs is a syslog server. Syslog messaging originated on UNIX systems for the logs produced by network devices, applications and operating systems. Most modern network devices can be configured to generate syslog messages that a server then picks up. The messages are normally transmitted over UDP (port 514 by default) to a server running a syslog daemon that accepts them. Plain UDP syslog is unacknowledged and unauthenticated: a message that is dropped is lost silently, and the source address of a datagram can be spoofed. Where the logs matter for security, use TCP or the TLS transport defined in RFC 5425, and restrict which sources the daemon will accept messages from.
Over the years more and more devices have been created which can support and generate syslog messages. Despite being fairly old technology, many firms have moved away from specialised products towards simply using a central syslog server to receive, store and archive the messages generated by their network devices. A central copy also has a security benefit that is easy to overlook: an attacker who compromises a device will usually clear its local logs, but cannot recall the messages it already sent to the collector. These servers can also be used to create automatic notifications when specific critical events arrive, for example when an important default gateway becomes unresponsive. IT support personnel can then be made aware of potential issues quickly, often before users are affected directly, or at least with downtime kept to a minimum.
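The two paragraphs above describe the BSD-style syslog message (a `<PRI>` value encoding facility and severity, a timestamp and host, then the text) and a collector that raises notifications on critical events. The following is an added example written for this page, not code from the original article or from any syslog product: it parses and builds messages in that format, ships one over UDP, and runs a small alerting policy over some constructed sample lines. The host names (`gw-core1`, `mail01`, `ws-07`, `legacy-ras`), the `CRITICAL_HOSTS` set and the `OUTAGE_RE` pattern are assumptions for illustration; the sample lines are made up and are not real captures.

```python
"""Added example: parse BSD-style (RFC 3164) syslog, build messages, and alert on critical events."""
import re
import socket
from collections import namedtuple
from datetime import datetime

# PRI = facility * 8 + severity (RFC 3164 / RFC 5424); names are indexed by their numeric code.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

SyslogMessage = namedtuple("SyslogMessage", "facility severity timestamp host tag content")

# <PRI>, then an optional "Mmm dd hh:mm:ss HOSTNAME " header, then the body.
_LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?:(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) )?"
    r"(?P<body>.*)$", re.S)
# "TAG: content" or "TAG[pid]: content"; anything else is treated as untagged content.
_TAG_RE = re.compile(r"^(?P<tag>[^\s:\[]+)(?:\[\d+\])?:\s*(?P<content>.*)$", re.S)


def parse_syslog(raw):
    """Decode one syslog line; raises ValueError if the <PRI> header is missing or invalid."""
    m = _LINE_RE.match(raw.rstrip("\r\n"))
    if not m:
        raise ValueError("no <PRI> header: %r" % raw[:40])
    pri = int(m["pri"])
    if pri > 191:  # 23 * 8 + 7 is the largest legal PRI value
        raise ValueError("PRI out of range: %d" % pri)
    facility, severity = divmod(pri, 8)
    t = _TAG_RE.match(m["body"])
    tag, content = (t["tag"], t["content"]) if t else (None, m["body"])
    return SyslogMessage(FACILITIES[facility], SEVERITIES[severity], m["ts"], m["host"], tag, content)


def build_message(facility, severity, host, tag, content, when=None):
    """Encode a message in the same BSD format, as a device or forwarder would emit it."""
    pri = FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)
    when = when or datetime.now()
    ts = "%s %2d %s" % (when.strftime("%b"), when.day, when.strftime("%H:%M:%S"))  # day is space-padded
    return "<%d>%s %s %s: %s" % (pri, ts, host, tag, content)


def send_udp(message, server, port=514):
    """Ship one message over plain UDP: no acknowledgement, no authentication of the sender."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(message.encode("utf-8"), (server, port))


# Hypothetical alerting policy (an assumption for this example): anything at crit or worse,
# plus link/reachability problems reported by devices we consider critical.
CRITICAL_HOSTS = {"gw-core1"}
OUTAGE_RE = re.compile(r"\b(down|unreachable|unresponsive)\b", re.I)


def should_alert(msg):
    """Return the reason a notification should be raised, or None."""
    if SEVERITIES.index(msg.severity) <= SEVERITIES.index("crit"):
        return "severity %s" % msg.severity
    if msg.host in CRITICAL_HOSTS and OUTAGE_RE.search(msg.content):
        return "critical device reports: %s" % msg.content
    return None


def scan(lines):
    """Run the policy over raw lines; unparseable lines are reported rather than dropped."""
    alerts = []
    for raw in lines:
        try:
            msg = parse_syslog(raw)
        except ValueError as e:
            alerts.append(("<unparsed>", str(e)))
            continue
        reason = should_alert(msg)
        if reason:
            alerts.append((msg.host, reason))
    return alerts


# Constructed sample traffic (not real captures): auth.info, local7.err, kern.crit,
# authpriv.notice, and one line from a device that does not use the syslog format.
SAMPLE_LINES = [
    "<38>Jun  5 10:15:02 gw-core1 sshd[812]: Failed password for root from 198.51.100.7 port 51234 ssh2",
    "<187>Jun  5 10:16:40 gw-core1 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<2>Jun  5 10:17:01 mail01 kernel: Out of memory: Killed process 4311 (clamd)",
    "<85>Jun  5 10:18:12 ws-07 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls",
    "Jun  5 10:19:00 legacy-ras link status changed",
]

if __name__ == "__main__":
    for host, reason in scan(SAMPLE_LINES):
        print("ALERT %-10s %s" % (host, reason))
```

Running the block reports three alerts: the gateway's link-down message, the kernel out-of-memory event, and the line from the device that never sent a `<PRI>` header. Two points to keep in mind when building on this: the severity in `PRI` is chosen by the sender, so an attacker on a device can downgrade the messages it emits, which is why the policy also matches on content for critical hosts; and unparseable lines are surfaced rather than discarded, since a silently dropped line from a misconfigured device is exactly the gap in coverage the article warns about.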
Although there are many other methods of sending and receiving system messages across a network, using syslog has clear advantages. For a start, it works directly with many reporting tools, and almost all network devices support the syslog message format. This matters because as soon as you have multiple logging formats and messaging systems you face the prospect of running multiple log servers. That sprawl is difficult to support, especially for network support staff, who need access to all the logs in order to troubleshoot issues.
For example, if you have a RAS (Remote Access Server) that is configured to use a different messaging system from the other devices in your network, you could miss vital pieces of information. Problems on such servers can go unnoticed, and important devices can suffer longer periods of downtime as a result. Many remote users rely on a working VPN service when travelling in order to connect back from remote networks.
If you do have devices that don't support the syslog standard and you aren't able to get rid of them, there are other options. Software such as Microsoft's Log Parser can read many log formats and write the records out as syslog messages that a central server can accept, and a forwarding agent on the host (rsyslog, syslog-ng and NXLog can all tail a plain log file) can ship the entries to the collector in the same way.
Author of a Polskie Proxy