
Syslog

Definition

A standardised protocol (RFC 5424, which supersedes the informal BSD syslog format described in RFC 3164) for transmitting log messages from network devices and hosts to a centralised log server (the collector). Each message carries a priority value that encodes a facility and a severity, a timestamp, the originating hostname, and free-text content. Routers, switches, firewalls, and servers all generate syslog entries. The evidentiary value depends on the accuracy of the generating device's clock (and on whether its timestamps carry a year and timezone, which the legacy BSD format omits), on the transport (plain UDP on port 514 gives no delivery guarantee and no source authentication, so entries can be lost or spoofed; the TLS transport of RFC 5425 addresses the latter), and on the integrity of the log server, since a central collector is a single place where an intruder can alter or delete records.
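The header fields described above, as an added example that is not part of the original glossary entry: a parser for RFC 5424 and legacy RFC 3164 lines that decodes the priority into facility and severity and flags the fields a forensic examiner would treat as weak evidence (no originator timestamp, a BSD timestamp without year or timezone, no hostname). The sample log lines are constructed for the example, not captured from a real device; the hostnames and addresses in them are invented.

```python
"""Parse RFC 5424 and legacy RFC 3164 (BSD) syslog lines and record the
caveats that affect their evidentiary weight.

Added example for this glossary entry, not code from the original page.
SAMPLE_LINES are constructed; the hostnames and IP addresses are invented.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

# Severity names in PRI order (0 = emergency ... 7 = debug).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 5424 header:
# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
# Structured-data matching is simplified: it does not handle escaped ']'
# inside parameter values.
RFC5424_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) "
    r"(?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[[^\]]*\])+)(?: (?P<msg>.*))?$"
)

# Legacy BSD syslog (RFC 3164): <PRI>Mmm dd hh:mm:ss HOSTNAME MSG
# The timestamp carries neither a year nor a timezone.
RFC3164_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)


@dataclass
class SyslogRecord:
    fmt: str                        # "rfc5424" or "rfc3164"
    facility: int                   # 0..23
    severity: str                   # name from SEVERITIES
    timestamp: Optional[datetime]   # None when the originator sent none
    hostname: Optional[str]         # None when the originator sent NILVALUE
    message: str
    caveats: List[str] = field(default_factory=list)


def decode_pri(pri: int):
    """PRI = facility * 8 + severity; 191 is the largest legal value."""
    if pri > 191:
        raise ValueError(f"PRI {pri} out of range (max 191)")
    return pri // 8, SEVERITIES[pri % 8]


def parse_syslog(line: str, assume_year: Optional[int] = None) -> SyslogRecord:
    """Parse one syslog line. For BSD lines the year is not on the wire, so
    the caller may supply the year the collector recorded; otherwise the
    timestamp is left as None."""
    m = RFC5424_RE.match(line)
    if m:
        facility, severity = decode_pri(int(m["pri"]))
        caveats = []
        ts = None
        if m["ts"] == "-":
            caveats.append("no originator timestamp; only the collector's receipt time exists")
        else:
            # RFC 5424 requires 'Z' or a numeric offset; fromisoformat wants '+00:00'.
            ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        host = None if m["host"] == "-" else m["host"]
        if host is None:
            caveats.append("no originator hostname; attribute by source address only")
        return SyslogRecord("rfc5424", facility, severity, ts, host, m["msg"] or "", caveats)

    m = RFC3164_RE.match(line)
    if m:
        facility, severity = decode_pri(int(m["pri"]))
        caveats = ["BSD timestamp lacks year and timezone; both must come from the collector"]
        ts = None
        if assume_year is not None:
            # Naive datetime: the device's timezone is unknown from the line itself.
            ts = datetime.strptime(f"{assume_year} {m['ts']}", "%Y %b %d %H:%M:%S")
        return SyslogRecord("rfc3164", facility, severity, ts, m["host"], m["msg"], caveats)

    raise ValueError(f"not a recognised syslog line: {line!r}")


SAMPLE_LINES = [
    # constructed: firewall line with a full RFC 5424 header and UTC timestamp
    "<134>1 2024-03-05T14:12:33.482Z fw-edge01 pf 2231 ID47 "
    '[origin ip="10.0.0.1"] block in on em0: 203.0.113.7 -> 10.0.0.5',
    # constructed: RFC 5424 line whose originator sent NILVALUE for time and host
    "<13>1 - - app - - - plaintext message with no origin metadata",
    # constructed: legacy BSD line from an old switch
    "<38>Mar  5 14:12:35 sw-core02 sshd[918]: Accepted publickey for admin",
]

if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        rec = parse_syslog(raw, assume_year=2024)
        print(rec.fmt, rec.facility, rec.severity, rec.timestamp, rec.hostname)
        for c in rec.caveats:
            print("  caveat:", c)
```

The caveat list is the point of the exercise: a line that parses cleanly is not the same as a line whose time and origin can be trusted, and the collector's own receipt time and source address should be recorded alongside anything the originator sent.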

Related terms

DHCP lease log
A record maintained by a Dynamic Host Configuration Protocol server that maps each IP address assignment to the requesting device's MAC address,...
Intrusion Detection System (IDS)
A network or host-based monitoring system that analyses traffic or system behaviour against a rule set (signature-based) or a statistical baseline (anomaly-based)...
NetFlow
A network protocol (originally Cisco, now standardised as IPFIX under RFC 7011) that records metadata about IP traffic flows: source and destination...
PCAP (packet capture)
A file format (and the process of creating it) that records every byte of every network packet passing a capture point, including...
RADIUS log
An authentication, authorisation, and accounting record produced by a Remote Authentication Dial-In User Service server. Each entry records the username, authenticating device...
