To expand, syslog is used to describe several different, but related things (as described already on the front page)
First, there is the protocol. Syslog describes a very simple protocol of passing a data, priority, severity and description message to a syslog server. The deep details are here:
http://www.faqs.org/rfcs/rfc3164.html. In this way, "syslog" describes the actual message.
Next, syslog describes the syslog "receiver", typically called syslogd. Just about every version of UNIX, Linux and BSD have a version of syslogd that captures system messages and logs them to a file. There are many different versions of syslogd, some that are really simple and just write the messages to a file, some that are really configureable, that let you send the logs into a database and everywhere in between. One of the reasons that there are so many implementations of syslogd, is that it is so simple to create. There is not much more required that to open a socket to listen on the network, and to capture the packets, and write them to a file. Anything beyond that is added features. In this way, syslog describes the application that receives syslog messages.
A pretty extensive list of syslogd alternatives is available here:
http://www.syslog.org/Web_Links+index-req-viewlink-cid-3.phtmlThat's the simple part of syslog. The more complex part comes in with what is what is logged. Syslog messages often contain important message about the health of a computer system, such as when a hard drive fills up, when someone logs in, when an application crashs, etc. Because of this, monitoring the messages in syslog log files is an important part of managing a system. A lot of work has been done to automate the process of weeding out important messages from more trivial messages, and provide automatic notification of system problems through a web page, email, etc. Aggregating the messages in syslog over time also provides a baseline for the health of a system. Looking for deviations in what is being logged can provide a critical insight into some serious system event, such as a hardware problem or someone trying to compromise the system.
There are many tools available for analyzing syslog messages here:
http://www.syslog.org/Web_Links+index-req-viewlink-cid-4.phtml and tools for viewing syslog messages here:
http://www.syslog.org/Web_Links+index-req-viewlink-cid-5.phtmlFinally, many people have taken to getting all of their system logs, either from Windows desktops & servers, and from unix servers, into a central spot. Windows event logs are able to be converted to syslog messages, and analyzed using the same tools that monitor traditional unix log messages. Tools for doing that are available here:
http://www.syslog.org/Web_Links+index-req-viewlink-cid-6.phtmlI hope that this is helpful.
