Skip to main content

3. Definitions

Syslog utilizes three layers:

  • "syslog content" is the management information contained in a syslog message.

  • The "syslog application" layer handles generation, interpretation, routing, and storage of syslog messages.

  • The "syslog transport" layer puts messages on the wire and takes them off the wire.

Certain types of functions are performed at each conceptual layer:

  • An "originator" generates syslog content to be carried in a message.

  • A "collector" gathers syslog content for further analysis.

  • A "relay" forwards messages, accepting messages from originators or other relays and sending them to collectors or other relays.

  • A "transport sender" passes syslog messages to a specific transport protocol.

  • A "transport receiver" takes syslog messages from a specific transport protocol.

Diagram 1 shows the different entities separated by layer.

+---------------------+ +---------------------+
|      content        | |      content        |
|---------------------| |---------------------|
| syslog application  | | syslog application  | (originator,
|                     | |                     | collector, relay)
|---------------------| |---------------------|
|  syslog transport   | |  syslog transport   | (transport sender,
|                     | |                     | transport receiver)
+---------------------+ +---------------------+
        ^                         ^
        |                         |
        ---------------------------

Diagram 1. Syslog Layers
Last updated on