The Syslog Relay service provides two different functions on the appliance:
Alerts can be configured to send Syslog messages to one or more remote systems (see Chapter 9, Alert Configuration).
Services on the appliance that are syslog capable will have their syslog messages forwarded to remote systems.
A syslog message is a small event message transmitted from the appliance to one or more remote systems (or as we like to call it: intercontinental printf). The message contains the following elements:
A facility describing the type of system component that emitted the message
A severity describing the severity of the condition associated with the message
A timestamp describing the time of the associated event in UTC
A hostname describing the canonical name of the appliance
A tag describing the name of the system component that emitted the message. See below for details of the message format.
A message describing the event itself. See below for details of the message format.
Syslog receivers are provided with most operating systems, including Solaris and Linux. A number of third-party and open-source management software packages also support Syslog. Syslog receivers allow administrators to aggregate messages from a number of systems onto a single management system and incorporate them into a single set of log files.
The Syslog Relay can be configured to use the "classic" output format described by RFC 3164, or the newer, versioned output format described by RFC 5424. Syslog messages are transmitted as UDP datagrams. They are therefore subject to being dropped by the network, and may not be sent at all if the sending system is low on memory or the network is sufficiently congested. Administrators should assume that in complex failure scenarios in a network some messages may be missing because they were dropped.
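As an added illustration (not code from the appliance or its documentation), the following receiver-side sketch decodes a datagram in either output format into the elements listed above. The function name parse_syslog, the hostname appliance-01 and both sample datagrams are constructed for this example.

```python
import re

# Facility and severity names by numeric code (RFC 5424 section 6.2.1).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

PRI = re.compile(r"<(\d{1,3})>")
# RFC 5424: VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424 = re.compile(
    r"1 (\S+) (\S+) (\S+) (\S+) (\S+) (-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (.*))?$",
    re.S)
# RFC 3164: "Mmm dd hh:mm:ss" HOSTNAME TAG[pid]: MSG
RFC3164 = re.compile(
    r"([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) ([^\s:\[]{1,32})(?:\[\d+\])?: ?(.*)$",
    re.S)

# Constructed sample datagrams, one per output format.
SAMPLES = [
    b"<34>Oct 11 22:14:15 appliance-01 su: 'su root' failed",
    b"<165>1 2024-03-01T12:00:00Z appliance-01 alert - - - Pool degraded",
]

def parse_syslog(datagram: bytes) -> dict:
    """Return facility, severity, timestamp, hostname, tag and message."""
    text = datagram.decode("utf-8", errors="replace")
    m = PRI.match(text)
    if not m or int(m.group(1)) > 191:      # 191 = facility 23, severity 7
        raise ValueError("missing or out-of-range PRI")
    pri = int(m.group(1))
    rec = {"facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7]}
    rest = text[m.end():]
    if (v := RFC5424.match(rest)):
        ts, host, app, _procid, _msgid, _sd, msg = v.groups()
        rec.update(format="rfc5424", timestamp=ts, hostname=host,
                   tag=app, message=(msg or "").lstrip("\ufeff"))
    elif (v := RFC3164.match(rest)):
        ts, host, tag, msg = v.groups()
        rec.update(format="rfc3164", timestamp=ts, hostname=host,
                   tag=tag, message=msg)
    else:
        raise ValueError("unrecognised syslog header")
    return rec

if __name__ == "__main__":
    for d in SAMPLES:
        print(parse_syslog(d))
```

The hostname field is whatever the sender wrote into the datagram, so a receiver that needs to attribute messages should also record the UDP source address alongside it.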