Hell is other syslog

I had to go into the recesses of my mind to recall this Syslog mess for one of the things I’m working on in Korea. It has me pleasantly tech-adjacent. I’m not rolling up my sleeves to lay hands on said tech. Rather, I am spending a lot of time looking at how this bit of tech was implemented, best described (and very timely for me) here ↴

The Syslog Hell – Bozho’s tech blog:

Syslog. You’ve probably heard about that, especially if you are into monitoring or security. Syslog is perceived to be the common, unified way that systems can send logs to other systems. Linux supports syslog, many network and security appliances support syslog as a way to share their logs. On the other side, a syslog server is receiving all syslog messages. It sounds great in theory – having a simple, common way to represent log messages and send them across systems.

Reality can’t be further from that. Syslog is not one thing – there are multiple “standards”, and each of those is implemented incorrectly more often than not. Many vendors have their own way of representing data, and it’s all a big mess.

It’s all coming back to me now, like the hot kiss at the end of a wet fist.

By Paul

I’m a Detroit expat recently returned from Tokyo living in Chattanooga. I’m a consulting security professional and father of two. I promise that my views and politics are mine; not yours or my employer’s or anyone’s. I follow no party or affiliation or anything. My things are released under the Creative Commons Attribution-ShareAlike 4.0 International license unless otherwise stated.