From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Computing (Rated Start-class, Low-importance)
WikiProject icon This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 Low  This article has been rated as Low-importance on the project's importance scale.


I am strongly in doubt if all the product/vendor links in the "implementation" section are really helpful. Anyhow, I've tried to complete it for now and brush it up, but I'd recommend to remove it altogether. Rgerhards 14:00, 26 January 2006 (UTC)

what happened in 2005[edit]

The article currently says "A formal specification and standardiziation of message content and transport layer mechanisms is scheduled for 2005." What was the outcome of the scheduled 2005 discussion?

See for the latest news on syslog standardization

What about local syslog?[edit]

Is there a reason this article is entirely about the network protocol? syslog is on every unix machine and most of them neither send nor accept log messages over the network. The typical syslog configuration just writes everything to a few local files. If asked to summarize syslog, I'd say it's a service for collecting log messages from many sources and routing them in a configurable manner to various destinations. The sources and destinations can be remote hosts but usually aren't. --Tcsetattr 06:34, 31 January 2007 (UTC)

I edit this entry to reflect this. DGerman (talk) 19:40, 2 April 2010 (UTC)

A liitle more detail, please.[edit]

How about mentioning such concepts as Facility and Level, perhaps listing the standard levels (Debug, Information, Notice, Notice, Warning, Error, Critical, Alert, Emergency).

For now, this article reads more like a stub than an entry on a major internet standard. —Preceding unsigned comment added by BenStrauss (talkcontribs) 20:16, 9 June 2008 (UTC)

Just edited the article to change the word "level" into "severity". It's not called level. Check RFC 5424. It predominantly talks about severity, and not level. Granted, the old RFC did mention level a few more times, calling it "security levels" on occassion. But not anymore. Manadar (talk) 09:32, 29 December 2011 (UTC)
Manadar's edit is good: the term "severity" should be used. But the terms "severity", "facility", and "priority" are field names; the terms "level" and "value" refer to the value of a field. This is true both in the UNIX standard and in RFC 5424. Contrary to Manadar's statement, RFC 5424 refers to the "severity level" at least once. The UNIX standard refers to the "severity", the "severity level", and the "severity-level". So yes, the word "severity" should be used, but no, avoiding the word "level" is not necessary (and may even create confusion). — Preceding unsigned comment added by Metaed (talkcontribs) 16:55, 29 December 2011 (UTC)

Implementations section[edit]

Products are creeping in here that are related to syslog but do not actually implement it. Perhaps a separate section is more appropriate for these, or elimination of the non-syslog products. —Preceding unsigned comment added by (talk) 16:26, 21 August 2008 (UTC)

Specific configuration may permit directing messages to various devices is this a feature of syslog or the syslog daemon? DGerman (talk) 21:23, 26 May 2015 (UTC)

About Patents[edit]

It has been some years ago that the patent claims were raised. What has happend since? Were they settled or abandoned? -- (talk) 11:42, 10 March 2010 (UTC) The wording of the references to patent claims (plural), seem a bit misleading actually: "At different points in time, various companies have attempted patent claims on syslog.[2][3][4]". All three of those references are to the same, apparently bogus patent claim and that only had to do with sending syslog over TLS as far as I can tell. I haven't done enough research to confirm that they were indeed the only patent claim made and the status thereof, but I would sure like to see the wording of this clarified. —Preceding unsigned comment added by Josdon (talkcontribs) 16:06, 22 April 2010 (UTC)

External links[edit]

The Small Syslog Server link has been added & removed repeatedly. Should it stay or should it go? Any comments?

This promotional link which advertises a nonfree server that isn't the subject of this article has recently been spammed across multiple Wikipedias by a very determined spammer. If it continues I will probably request that the link be blacklisted. See WikiProject Spam link report. ThemFromSpace 19:46, 12 July 2010 (UTC)

The link Syslog server installation on Debian leads to something that installs some sort of pretty syslog thing on Debian and is NOT about installing a normal syslog server which is part of all modern unixen. Being so misleading I propose this link be removed.

SANS paper[edit]

The SANS paper mentioned in the external link explicitly states:

Reposting is not permitted without express written permission.

— SANS Institute, The Ins and Outs of System Logging Using Syslog, p. 1

This may be an issue here. #!/bin/DokReggar -talk 10:19, 8 February 2011 (UTC)

Severity levels: description[edit]

The general description in the Severity level needs revision. syslog does not define that CRIT indicates a " failure in a secondary system", nor "within a given time" nor who should be notified.

I will wait a while in case someone should like to respond before I revise this. DGerman (talk) 17:00, 1 September 2013 (UTC)

Well, the Wikipedia policy is "be bold". So I guess you can just do it, and if someone disagrees, they will correct. Thanks for your participation!
#!/bin/DokReggar -talk 07:09, 2 September 2013 (UTC)
@DGerman, my reading of RFC 5424 agrees with your oberservation, I support your proposed changes. Ben Aveling 10:28, 2 September 2013 (UTC)

Syslog or syslog?[edit] uses syslog. But wiki uses Syslog? — Preceding unsigned comment added by Ben7015 (talkcontribs) 04:42, 26 January 2014 (UTC)

It's only written Syslog in the start of sentences, not in the middle of them. RFC5424 uses the same format, capitalization following english standard. TuxyQ (talk|contrib) 19:02, 15 May 2014 (UTC)


The "Limitations" part seems not to be accurate and considers a specific usage of the protocol, without clearly stating it and without considering the others. For instance, syslog is not based on the UDP transport protocol but on the TLS protocol. UDP is just supported but not advised by RFC5424. The others limitations are more based on the configuration of tools using syslog rather than on the definition of the protocol itself. Moreover, this section is not written in an encyclopaedic way.

I would therefore advise this section to be corrected as soon as possible or otherwise deleted. — Preceding unsigned comment added by Silmilia (talkcontribs) 11:16, 16 May 2014 (UTC)

rework needed[edit]

This article has become seriously convoluted, missing important concepts and including excessive detail.

I will attempt to rework it. Unfortunately I will need to do this piecemeal.

I welcome you comments, but please wait several days in case I (or someone else) makes intermediate changes.

DGerman (talk) 22:04, 26 May 2015 (UTC)