syslog is a standardized protocol used to send logs and events to a log server. syslog can be used on different platforms such as Linux, Windows, Unix, and applications. In this tutorial we will look at the default syslog port, the secure syslog port, and some examples of how to change this port number.
Default Port Number UDP 514
syslog is a protocol defined in RFC 5424 and RFC 3164. The port number for syslog services is defined as 514 with the UDP protocol. There is also a recommendation that the source port be UDP 514 too. This port number is also registered by IANA to the syslog protocol, which means other applications cannot use 514 as their official default port.
Alternative and Reliable Port Number TCP 514
As stated previously, the default port of syslog is UDP 514. As we know, UDP is an unreliable protocol compared to TCP. syslog can be used for important security logs, which cannot tolerate log loss. We can use TCP, which is far more reliable than UDP, with the same port number 514.
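The difference between the two transports on port 514 is easiest to see when the collector is down. The following is an added example, not part of the original tutorial: it sends the same RFC 5424 message over UDP and TCP to a loopback collector and then to a closed port. The hostname `sw1`, the app name `demo`, the ephemeral loopback ports, and the newline framing on TCP are assumptions made for the demonstration.

```python
import socket

def build_message(text, facility=4, severity=4, host="sw1", app="demo"):
    """RFC 5424 frame; '-' is the NILVALUE for timestamp, PROCID, MSGID, SD."""
    pri = facility * 8 + severity          # auth(4).warning(4) -> 36
    return f"<{pri}>1 - {host} {app} - - - {text}".encode()

def send_udp(msg, host, port=514):
    """Fire-and-forget: sendto() succeeds even if nothing is listening."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(msg, (host, port))

def send_tcp(msg, host, port=514):
    """Connection-oriented: raises OSError if the collector is unreachable."""
    with socket.create_connection((host, port), timeout=2) as s:
        s.sendall(msg + b"\n")             # newline-delimited framing (assumed)
        return len(msg)

def demo():
    """Run both transports against loopback, with and without a collector."""
    msg, out = build_message("login failed"), {}
    # Collector present: both transports deliver the same bytes.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u, \
         socket.socket(socket.AF_INET, socket.SOCK_STREAM) as t:
        u.bind(("127.0.0.1", 0))           # constructed stand-in for UDP 514
        u.settimeout(2)
        t.bind(("127.0.0.1", 0))           # constructed stand-in for TCP 514
        t.listen(1)
        t.settimeout(2)
        send_udp(msg, *u.getsockname())
        out["udp_delivered"] = u.recvfrom(2048)[0] == msg
        send_tcp(msg, *t.getsockname())
        conn, _ = t.accept()
        with conn:
            out["tcp_delivered"] = conn.recv(2048) == msg + b"\n"
        dead_udp, dead_tcp = u.getsockname()[1], t.getsockname()[1]
    # Collector gone (sockets closed): UDP reports success, TCP fails loudly.
    out["udp_no_collector"] = send_udp(msg, "127.0.0.1", dead_udp) == len(msg)
    try:
        send_tcp(msg, "127.0.0.1", dead_tcp)
        out["tcp_no_collector"] = "sent"
    except OSError:
        out["tcp_no_collector"] = "error"
    return out

if __name__ == "__main__":
    print(demo())
```

With UDP the sender gets no signal that the log line was lost, while TCP surfaces the failure so the sender can queue and retry.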
Secure Encrypted Port Number TCP 6514
In some cases strict security standards like PCI-DSS and HIPAA need the logs to be transferred securely. The company's security policy may also require this type of transport security. In this case we can use port TCP 6514. This is not an official port, but it is the de facto standard in implementations.
Cisco Set Syslog Server Port Number
As an example, we can collect syslogs from Cisco devices with the following commands and configuration.
First we need to enable logging and start syslog service with the following command.
sw(config)# logging enable
Then we will specify the log server IP address. We can also specify the protocol and port number explicitly. This is not mandatory; if not specified, the default udp/514 will be set.
sw(config)# logging host 192.168.10.10 tcp/514