Syslog is both the name of a computer-based event recording service and the protocol that delivers the event information to the server. Syslog was introduced in BSD UNIX, but is deployed on virtually all computers.
The syslog protocol runs over the User Datagram Protocol (UDP), with the server at well-known port 514. The protocol definition recommends that the source port also be 514; if the sender uses a different source port, it further recommends that all traffic from that sender use the same port.
For syslog, a computer that can generate a message is called a "device". A machine that can receive the message and forward it to another machine will be called a "relay".
What commonly is called a "syslog server" is formally a "collector". Any device or relay will be known as the "sender" when it sends a message.
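The source-port recommendation can be checked at a collector from the address each datagram arrives from. The following is an added example, not part of the original article or of RFC 3164: it groups observed datagrams by sender and reports whether each sender used port 514, one fixed other port, or several ports. The sample observations, the addresses and the verdict names are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

SYSLOG_PORT = 514  # well-known syslog port (UDP)

# Constructed sample: (source IP, source port) pairs as a collector would
# obtain them from recvfrom(). Addresses are documentation-range values.
OBSERVED = [
    ("192.0.2.10", 514), ("192.0.2.10", 514),
    ("192.0.2.20", 40001), ("192.0.2.20", 40001), ("192.0.2.20", 40001),
    ("192.0.2.30", 51200), ("192.0.2.30", 51317), ("192.0.2.30", 49888),
    ("192.0.2.40", 514), ("192.0.2.40", 33012),
]

@dataclass
class SenderReport:
    ports: tuple    # distinct source ports seen, sorted
    messages: int   # number of datagrams from this sender
    verdict: str    # "recommended", "consistent" or "inconsistent"

def classify_senders(observed):
    """Group datagrams by sender IP and compare source ports with the recommendation."""
    seen = defaultdict(list)
    for ip, port in observed:
        seen[ip].append(port)
    reports = {}
    for ip, ports in seen.items():
        distinct = tuple(sorted(set(ports)))
        if distinct == (SYSLOG_PORT,):
            verdict = "recommended"    # every datagram came from port 514
        elif len(distinct) == 1:
            verdict = "consistent"     # one fixed port other than 514
        else:
            verdict = "inconsistent"   # source port changed between messages
        reports[ip] = SenderReport(distinct, len(ports), verdict)
    return reports

def inconsistent_senders(observed):
    """Sender IPs whose source port varied, sorted for stable output."""
    reports = classify_senders(observed)
    return sorted(ip for ip, r in reports.items() if r.verdict == "inconsistent")

if __name__ == "__main__":
    for ip, report in sorted(classify_senders(OBSERVED).items()):
        print(ip, report.verdict, report.ports, report.messages)
```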
- C. Lonvick (August 2001), The BSD Syslog Protocol, RFC 3164