Security concerns

Both of these security concerns can be addressed fairly easily with relay programs that use TCP protocol and encryption.

In most situations, because syslog messages are transmitted on secure networks, security considerations are not overbearing. As is commonly mentioned, if an organization is under attack, the syslog messages are probably of the least importance to the attacker. (This depends on the degree of importance that the syslog protocol has assumed in the organization, and the awareness of this fact by the attacker.)

Conclusions

Syslog protocol is a highly valuable, well tried, and typically underutilized method of achieving stable networks, informed managers, and problem awareness.

Because it relies on the copious existing syslog generators on the network (in the form of Unix boxes, firewalls, application programs, routers) and because syslog is easily adapted to homegrown monitoring, it is a highly cost-effective way of implementing a management solution or augmenting a management strategy.

RFC 3164 concludes with the following cautionary statement, the truth of which should be easily recognized and accepted—There have been attempts in the past to standardize the format of syslog messages. Many good thoughts have come from that effort, and interested implementers may want to find notes or papers regarding that effort. It must be cautioned that the simplicity of the existing system has been of tremendous value to its acceptance. Anything that lessens that simplicity may diminish that value.