Logs, Syslog, and Alerts

A log is a time-stamped record of an event: a login, an interface change, a dropped packet, or an error. Logs are the network's memory. When something breaks, logs let you reconstruct what happened and when. Without logging, troubleshooting becomes guesswork. With it, you have evidence to follow the trail back to a root cause.

Syslog is the long-standing standard for generating and sending event messages on network and Unix-like systems. Devices produce syslog messages and can forward them to a central syslog server. This centralization is powerful: instead of logging into 50 devices, you search one place. Syslog typically travels over UDP port 514.