Introduction to Syslog protocol:
Syslog is a protocol that allows a machine to send event notification messages across IP networks to event message collectors - also known as Syslog Servers or Syslog Daemons. In other words, a machine or a device can be configured in such a way that it generates a Syslog Message and forwards it to a specific Syslog Daemon (Server).
Syslog messages are based on the User Datagram Protocol (UDP) type of Internet Protocol (IP) communications. Syslog messages are received on UDP port 514. Syslog message text is generally no more than 1024 bytes in length. Since the UDP type of communication is connectionless, the sending or receiving host has no knowledge receipt for retransmission. If a UDP packet gets lost due to congestion on the network or due to resource unavailability, it will simply get lost.
What is Syslog Daemon?
A Syslog Daemon or Server is an entity that would listen to the Syslog messages that are sent to it. You cannot configure a Syslog Daemon to ask a specific device to send it Syslog Messages. If a specific device has no ability to generate Syslog Messages, then a Syslog Daemon cannot do anything about it. To make this thing clear, you can consider a Syslog Server or Syslog Daemon as a TV which can only display you the program that is currently running on a specific channel. You cannot ask another station to send a new program on that channel.
Format of a Syslog Packet
The full format of a Syslog message seen on the wire has three ditinct parts.
The total length of the packet cannot exceed 1,024 bytes, and there is no minimum length
Use the Error Message Decoder tool in order to understand the syslog error messages that you receive.
The Error Message Decoder tool helps you research and resolve error messages for Cisco IOS Software, Catalyst Switch Software, and Cisco Secure PIX Firewall Software. Complete the instructions on the tool page in order to receive a description, recommended action, and related resources for your error message.
Refer to these documents for more information about PIX Firewall syslog error messages:
- Cisco PIX Firewall System Log Messages, Version 6.3
- Cisco Security Appliance System Log Messages, Version 7.0
Similar information is available for other PIX Firewall software versions. Refer to Cisco PIX Firewall Software Error and System Messages for your PIX software version.
For a list of all the available syslogs from the VPN 3000 concentrator, download these files from Cisco Downloads.