
The Ins and Outs of System Logging Using Syslog

Published: 15 Nov, 2004
Created by: Ian Eaton

The intent of this paper is to help the reader follow a process of thinking that will provide them with the tools to understand the fundamentals of system logging. Hopefully, at the end you will be able to identify the best implementation for your particular environment. This paper focuses on logging using syslog, which has become the de facto logging standard on UNIX-based systems. Though this is syslog- and UNIX-specific, I would hope the general discussions on logging would be helpful for any log implementation. This paper begins with a discussion of what logging is, how it helps, and what considerations are needed before we implement logging. We progress towards a discussion of syslog specifics: the elements that comprise a working implementation, from the basic to the more advanced, detailing configuration options and shortcomings, and including implementation ideas. The last parts of the paper build upon our knowledge of syslog, and look at methods to remove these shortcomings and at the outside factors that need consideration to provide us with a robust and secure implementation. This paper focuses on the syslog implementation that comes with Red Hat 8.0, which provides the main features required to perform logging, but it falls short when we start our discussion of security requirements.