The O'Reilly Network continues its look at basic security tools
with snort and syslog:
Have you ever looked in your /var/log directory and
wondered, "Where'd all those log files come from?" Chances are they
were created by syslog, the system logging facility. syslog
actually consists of a couple different tools that were originally
part of the BSD distributions.
syslog has been ported to Linux and many other Unix operating
systems (Solaris, HP-UX, etc.) and keeps all the same functionality
of the original program. In some cases, a few functions have been
added but nothing has been removed. I would consider syslog to be
more of a "system" rather than a tool.
There are four parts to syslog: a syslogd daemon process, a
klogd daemon process, a programming interface syslog.h, and a
configuration file /etc/syslog.conf, which is the key to the whole
system. The programming interface is used by many other programs,
such as Tripwire, to log activity on your system. Unless you're
writing a security tool, or want to incorporate syslog in some
other application you are writing, you won't use the programming