Syslog is the common standard for system logging and log management. Syslog relies on three kinds of component to work effectively: an originator, a collector, and a relay.
An originator is the node on which the Syslog message is generated; this is usually a node on the network that requires monitoring. A collector is the server that receives the Syslog messages. This server needs a database to store the collected data, together with monitoring software that writes the data to the database and watches it for errors. Lastly, the relay simply redirects the data from the originator (the node) so that it reaches the collector (the server).
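To make the three roles concrete, the following Python example (added here, not part of the original text) serializes a message in RFC 5424 syntax on the originator, passes it through a relay that forwards it unchanged, and parses it back into its fields on the collector. The hostnames, application names and message contents are constructed for illustration; the structured-data parsing is simplified and does not handle escaped brackets inside parameter values.

```python
"""Minimal RFC 5424 originator -> relay -> collector round-trip (added example)."""
import re
from dataclasses import dataclass

# Conventional short names for the facility codes in RFC 5424 table 1
# and the severity codes in table 2.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "cron2",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


@dataclass
class SyslogMessage:
    facility: int
    severity: int
    timestamp: str
    hostname: str
    app_name: str
    procid: str
    msgid: str
    structured_data: str
    msg: str

    @property
    def priority(self) -> int:
        # PRI = facility * 8 + severity (RFC 5424 section 6.2.1)
        return self.facility * 8 + self.severity


def originate(facility: int, severity: int, hostname: str, app_name: str, msgid: str,
              msg: str, timestamp: str, procid: str = "-", sd: str = "-") -> str:
    """Originator side: build one RFC 5424 (version 1) message line."""
    pri = facility * 8 + severity
    return f"<{pri}>1 {timestamp} {hostname} {app_name} {procid} {msgid} {sd} {msg}"


def relay(line: str) -> str:
    """Relay side: forward the line toward the collector. A real relay may add
    fields or change transport; this one passes the message through untouched."""
    return line


# HEADER SP STRUCTURED-DATA [SP MSG]; NILVALUE ("-") is allowed for most fields.
_RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+)(?: (?P<msg>.*))?$",
    re.DOTALL,
)


def collect(line: str) -> SyslogMessage:
    """Collector side: parse a received line back into its fields, rejecting
    anything that is not a well-formed RFC 5424 message."""
    m = _RFC5424.match(line)
    if not m:
        raise ValueError("not an RFC 5424 message: %r" % line[:40])
    pri = int(m["pri"])
    if pri > 191:  # highest legal PRI is local7 (23) * 8 + debug (7)
        raise ValueError("PRI out of range: %d" % pri)
    return SyslogMessage(pri // 8, pri % 8, m["ts"], m["host"], m["app"],
                         m["procid"], m["msgid"], m["sd"], m["msg"] or "")


def facility_name(code: int) -> str:
    return FACILITIES[code] if code < len(FACILITIES) else f"facility{code}"


def severity_name(code: int) -> str:
    return SEVERITIES[code]


def demo() -> SyslogMessage:
    """Constructed sample: a local4/notice message from a monitored host."""
    line = originate(20, 5, "web01.example.test", "sshd", "ID47",
                     "Accepted publickey for ops from 192.0.2.10",
                     "2024-01-15T10:22:31.005Z", procid="2211",
                     sd='[exampleSDID@32473 iut="3"]')
    return collect(relay(line))


if __name__ == "__main__":
    received = demo()
    print(f"{facility_name(received.facility)}.{severity_name(received.severity)} "
          f"from {received.hostname}: {received.msg}")
```

Running the block prints the decoded facility and severity for the sample message; the collector's parser is where a monitoring tool would hand the fields to its database.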
Although Syslog is an effective method of measuring and monitoring the data from a node, there are a number of issues with using it. The first is the lack of encryption: Syslog does not provide any native encryption of its messages. This leaves the system exposed, especially when something goes wrong, because anyone who can observe the traffic learns when an error occurs, giving attackers knowledge of when the system is at its most vulnerable.
Another issue Syslog encounters is the lack of authentication between node and server. This means a device is able to spoof another device’s connection and provide inaccurate data about the status of a node. A node could be shown as faulty despite being completely fine, just as a node that is actually damaged could be shown as completely fine.
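The two weaknesses above, plaintext transport and unauthenticated originators, can be partly handled on the collector. The Python example below (added here, not part of the original text) does two things: it flags received datagrams whose claimed HOSTNAME field does not fit the source address they arrived from, which is the kind of inconsistency a spoofed "error" or spoofed "all fine" message produces, and it builds the TLS server context a collector would use for syslog over TLS (RFC 5425), where client certificates supply the originator authentication and the TLS session supplies the encryption that plain UDP syslog lacks. The originator registry, addresses and sample datagrams are constructed; the certificate and key file paths are placeholders that the caller loads with its own material.

```python
"""Collector-side checks against spoofed and plaintext syslog (added example)."""
import ssl
from typing import Dict, Iterable, List, Tuple

# Constructed registry of which source address each originator is expected to use.
# Without transport-level authentication this is only a heuristic: UDP source
# addresses can be forged too, so a mismatch is a signal to investigate, not proof.
KNOWN_ORIGINATORS: Dict[str, str] = {
    "web01.example.test": "192.0.2.11",
    "db01.example.test": "192.0.2.12",
}


def claimed_hostname(line: str) -> str:
    """Extract HOSTNAME from an RFC 5424 line: <PRI>VERSION TIMESTAMP HOSTNAME ..."""
    parts = line.split(" ", 3)
    if len(parts) < 3 or not parts[0].startswith("<"):
        raise ValueError("malformed syslog header")
    return parts[2]


def check_datagrams(datagrams: Iterable[Tuple[str, str]]) -> List[dict]:
    """Return one finding per datagram whose claimed originator is unknown or
    whose claimed HOSTNAME does not match the address it was received from."""
    findings = []
    for src_ip, line in datagrams:
        host = claimed_hostname(line)
        expected = KNOWN_ORIGINATORS.get(host)
        if expected is None:
            reason = "unknown originator"
        elif expected != src_ip:
            reason = "hostname/source mismatch"
        else:
            continue
        findings.append({"src": src_ip, "claimed": host, "reason": reason, "line": line})
    return findings


# Constructed sample: two legitimate datagrams, one fabricated fatal error that
# claims to be from db01 but arrives from an address db01 never uses, and one
# message from a host that was never registered with the collector.
SAMPLE_DATAGRAMS = [
    ("192.0.2.11", "<14>1 2024-01-15T10:22:31Z web01.example.test nginx - - - worker started"),
    ("192.0.2.12", "<30>1 2024-01-15T10:22:32Z db01.example.test postgres - - - checkpoint complete"),
    ("198.51.100.7", "<10>1 2024-01-15T10:22:33Z db01.example.test postgres - - - FATAL: data directory corrupt"),
    ("203.0.113.5", "<13>1 2024-01-15T10:22:34Z rogue.example.test cron - - - job ok"),
]


def hardened_collector_context() -> ssl.SSLContext:
    """Server-side TLS context for syslog over TLS (RFC 5425): require a client
    certificate from every originator and refuse pre-1.2 protocol versions.
    The default for Purpose.CLIENT_AUTH is CERT_NONE, i.e. encryption without
    originator authentication, which is the weak setting this overrides."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Caller then loads real material (placeholder paths, not files on this page):
    #   ctx.load_cert_chain("/path/to/collector.crt", "/path/to/collector.key")
    #   ctx.load_verify_locations("/path/to/originator-ca.pem")
    return ctx


if __name__ == "__main__":
    for f in check_datagrams(SAMPLE_DATAGRAMS):
        print(f"{f['reason']}: {f['claimed']} via {f['src']}: {f['line']}")
    ctx = hardened_collector_context()
    print("collector requires client certs:", ctx.verify_mode == ssl.CERT_REQUIRED)
```

The heuristic check only narrows the spoofing problem; it cannot tell a forged source address from a real one. Mutual TLS moves the decision to the certificate, so a message is accepted only from an originator holding a key the collector's CA vouches for, and the message body is no longer readable on the path between node and server.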