Syslog servers provide a method for centralized storage and retrieval of system log messages. ECS supports forwarding of alerts and audit messages to remote syslog servers, and supports operations using the following application protocols:
BSD Syslog
Structured Syslog
Alerts and audit messages that are sent to Syslog servers are also displayed on the ECS Portal, with the exception of OS level Syslog messages (such as node SSH login messages), which are sent only to Syslog servers and not displayed in the ECS Portal.
Once you add a Syslog server, ECS starts a syslog container on each node. Message traffic is sent over UDP by default, or over TCP.
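On the receiving side, a collector has to tell the two message formats apart and recover the severity from the PRI field. The following is an added example, not taken from the ECS documentation: it assumes "BSD Syslog" means RFC 3164 and "Structured Syslog" means RFC 5424, and its sample messages are constructed and do not reproduce the ECS audit format.

```python
import re

# Severity names for PRI & 7 (0 = most severe), per RFC 3164 / RFC 5424.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID (structured data + message)
RFC5424 = re.compile(r"^<(\d{1,3})>([1-9]\d{0,2}) (\S+) (\S+) (\S+) (\S+) (\S+) (.*)$", re.S)
# RFC 3164: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG (day of month is space-padded)
RFC3164 = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)


def parse_syslog(line):
    """Classify one received message and decode facility/severity from PRI."""
    m, fmt = RFC5424.match(line), "structured"
    if not m:
        m, fmt = RFC3164.match(line), "bsd"
    if not m:
        return {"format": "unknown", "raw": line}
    pri = int(m.group(1))
    if pri > 191:  # facility 0-23 and severity 0-7 give a maximum of 23*8+7
        return {"format": "invalid-pri", "raw": line}
    host = m.group(4) if fmt == "structured" else m.group(3)
    return {
        "format": fmt,
        "host": host,
        "facility": pri >> 3,
        "severity_num": pri & 7,
        "severity": SEVERITIES[pri & 7],
    }


def at_least(record, level):
    """True if a parsed record is as severe as, or more severe than, `level`."""
    return "severity_num" in record and record["severity_num"] <= SEVERITIES.index(level)


# Constructed sample messages (hypothetical hosts and content).
SAMPLE_BSD = "<86>Oct 11 22:14:15 node1 sshd[4721]: Accepted publickey for admin"
SAMPLE_STRUCTURED = "<109>1 2024-01-01T12:00:00Z node2 audit - - - Bucket created"

if __name__ == "__main__":
    for msg in (SAMPLE_BSD, SAMPLE_STRUCTURED, "<999>Oct 11 22:14:15 node1 x", "garbage"):
        print(parse_syslog(msg))
```

Records that come back as `unknown` or `invalid-pri` are worth counting on the collector, since they indicate a sender using a format the parser does not expect.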
ECS sends Audit log messages to Syslog servers, including the severity level, using the following format: