From the course: CompTIA CySA+ (CS0-002) Cert Prep: 5 Security Operations and Monitoring


Syslog

- [Instructor] System monitoring creates massive amounts of data output that cybersecurity analysts must wade through when attempting to conduct log reviews. Fortunately, monitoring technologies provide ways for us to automate some of this work. One of the most important technologies that supports log monitoring is a protocol called Syslog. Syslog has been around for a long time. It actually dates back to the 1980s, but it is still in widespread use today. The syslog standard defines a very simple format that is used to create standardized log messages. Each message consists of four components. The first component is the header. The header contains information about the time and the source of the message. This includes a timestamp as well as the IP address and process ID that originated the log entry. The facility is a 24-bit code that describes where the message came from on the source system using a number between zero and…