syslog is a standardized protocol used to send logs and events to a log server.
syslog can be used on different platforms such as Linux, Windows, Unix, and applications. In this tutorial we will look at the default syslog port and the secure syslog port, with some examples of how to change the port number.
Default Port Number UDP 514
syslog is a protocol defined in RFC 5424 and RFC 3164. The port number is defined as 514 with the UDP protocol for syslog services. There is also a recommendation that the source port be UDP 514 too. This port number is also registered by IANA for the syslog protocol, which means other applications cannot use 514 as their official default port.
Alternative and Reliable Port Number TCP 514
As stated previously, the default port of syslog is UDP 514. As we know, UDP is an unreliable protocol compared to TCP. syslog can be used for important security logs which cannot tolerate log loss. We can use TCP, which is far more reliable than UDP, with the same port number 514.
Secure Encrypted Port Number TCP 6514
In some cases, strict security standards like PCI-DSS and HIPAA need the logs to be transferred securely. The security policy of the company may also require this type of transport security. In this case we can use TCP port 6514. This is not an official port, but it is the de facto standard in implementations.
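The three transports described above differ in how a message is put on the wire, not only in the port number. The following Python sketch is an added example, not part of the original tutorial: the function names, host name and sample message are assumptions, and it assumes the collector accepts octet-counting framing on TCP as well as on TLS.

```python
import socket
import ssl
from datetime import datetime, timezone

# Ports for the three transports described on this page.
TRANSPORTS = {"udp": 514, "tcp": 514, "tls": 6514}

def build_message(facility, severity, hostname, app, text, when=None):
    """Format an RFC 5424 line; PRI is facility * 8 + severity."""
    when = (when or datetime.now(timezone.utc)).astimezone(timezone.utc)
    stamp = when.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    pri = facility * 8 + severity
    # VERSION is 1; PROCID, MSGID and STRUCTURED-DATA use the nil value "-".
    return f"<{pri}>1 {stamp} {hostname} {app} - - - {text}".encode("utf-8")

def frame(payload, transport):
    """UDP carries one message per datagram; stream transports need framing."""
    if transport == "udp":
        return payload
    # Octet counting: "<length> <message>", the framing RFC 5425 uses for TLS.
    return str(len(payload)).encode("ascii") + b" " + payload

def send(payload, server, transport="udp", port=None, cafile=None):
    """Send one message; port falls back to the TRANSPORTS table."""
    port = port or TRANSPORTS[transport]
    data = frame(payload, transport)
    if transport == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(data, (server, port))  # no delivery confirmation
        return len(data)
    with socket.create_connection((server, port), timeout=5) as raw:
        if transport == "tls":
            # The default context verifies the server certificate and name.
            ctx = ssl.create_default_context(cafile=cafile)
            with ctx.wrap_socket(raw, server_hostname=server) as tls:
                tls.sendall(data)
        else:
            raw.sendall(data)
    return len(data)

if __name__ == "__main__":
    # Constructed sample: facility 4 (auth), severity 4 (warning).
    msg = build_message(4, 4, "sw1", "sshd", "Failed password for admin")
    print(frame(msg, "udp"))
    print(frame(msg, "tls"))
```

With UDP a dropped datagram goes unnoticed by the sender, while the TCP and TLS paths raise an exception when the connection or the certificate check fails.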
Cisco Set Syslog Server Port Number
As an example, we can collect syslogs from Cisco devices with the following commands and configuration.
First we need to enable logging and start the syslog service with the following command.
sw(config)# logging enable
Then we will specify the log server IP address. We can also specify the protocol and port number explicitly. This is not mandatory; if not specified, the default udp/514 will be set.
sw(config)# logging host 192.168.10.10 tcp/514