Architecting a vRealize Log Insight Solution : Understanding vSphere Logs : 2.8 Syslog Messaging Overview
2.8 Syslog Messaging Overview
Syslog is a standard method by which computer devices send event messages to a logging server, known as the syslog server. The syslog protocol is supported by a wide range of devices, but the focus of this document is the use of syslog to forward vSphere-based logs to a centralized logging server for analysis, troubleshooting, and security auditing.
Unlike SNMP, syslog cannot be used to "poll" devices to gather information. Instead, syslog simply sends messages to a central location, where special event handling can be triggered by the receipt of specific log messages. It is possible to convert an SNMP trap into a syslog message by employing a service such as snmptrapd. Such a service can be installed on a system which, in turn, forwards the converted SNMP messages to the remote syslog target. This approach can be implemented instead of, or in combination with, an SNMP monitoring system.
The structure of syslog messages is defined in RFC 5424, The Syslog Protocol at http://tools.ietf.org/html/rfc5424. (Third-party Web sites are not under the control of VMware, and the content available at those sites might change.) Every syslog message must contain five distinct fields as shown in the following figure. vRealize Log Insight can accept individual messages up to 100 KB in length.
Figure 2. Syslog Message Structure
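As an added illustration (not VMware's code and not part of the original document), the following Python snippet splits an RFC 5424 message into its header fields, decodes the PRI value into facility and severity, and rejects anything over the 100 KB per-message limit mentioned above. The ESXi sample line is constructed for the example.

```python
import re

MAX_MESSAGE_BYTES = 100 * 1024  # per-message limit accepted by vRealize Log Insight

# RFC 5424 layout: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
# STRUCTURED-DATA is "-" or one or more [id param="value" ...] elements; an escaped "]"
# inside a param value is not handled by this simplified pattern.
_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) "
    r"(?P<timestamp>\S+) (?P<hostname>\S+) (?P<appname>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[[^\]]*\])+)"
    r"(?: (?P<msg>.*))?$",
    re.DOTALL,
)


def exceeds_limit(raw: str) -> bool:
    """True when the encoded message is larger than Log Insight will accept."""
    return len(raw.encode("utf-8")) > MAX_MESSAGE_BYTES


def parse_rfc5424(raw: str) -> dict:
    """Split one RFC 5424 message into its fields; raise ValueError if malformed."""
    if exceeds_limit(raw):
        raise ValueError("message exceeds the 100 KB limit")
    m = _HEADER.match(raw)
    if not m:
        raise ValueError("not a well-formed RFC 5424 message")
    pri = int(m["pri"])
    if pri > 191:  # facility 0-23 and severity 0-7 give PRI 0-191
        raise ValueError("PRI out of range")
    return {
        "facility": pri // 8,          # e.g. 20 = local4
        "severity": pri % 8,           # 0 = emergency ... 7 = debug
        "version": int(m["version"]),
        "timestamp": m["timestamp"],
        "hostname": m["hostname"],
        "appname": m["appname"],
        "procid": m["procid"],
        "msgid": m["msgid"],
        "structured_data": m["sd"],
        "msg": m["msg"],               # None when the message has no free-text part
    }


# Constructed sample (not a real capture): an ESXi host forwarding a hostd event
SAMPLE = ("<166>1 2024-01-15T10:22:03.123Z esx01.example.com hostd 2098 - - "
          "User root logged in from 10.0.0.5")

if __name__ == "__main__":
    for field, value in parse_rfc5424(SAMPLE).items():
        print(f"{field:>16}: {value}")
```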