Syslogopedia:
technical guide to syslog, and modern log pipelines
Syslog has been the backbone of infrastructure logging for decades. Network devices, operating systems, firewalls, and applications rely on it to send operational data.
Yet designing a reliable logging system requires more than forwarding messages. Engineers need to understand how syslog works, how implementations differ, and how log pipelines behave under real production load.
Syslogopedia is a curated knowledge base that documents these topics. It collects technical articles, architectural explanations, and engineering practices related to syslog and syslog-based logging systems.
The content reflects decades of practical experience building and operating logging infrastructure.
Syslog and Axoflow
The original syslog daemon was designed for relatively simple environments. As infrastructure grew in size and complexity, its limitations became increasingly visible.
In 1998, software engineer Balázs Scheidler (then a university student, now the CEO of Axoflow) created syslog‑ng, an enhanced implementation of syslog that supports more flexible log routing, filtering, and message processing.
Instead of simply forwarding messages, syslog‑ng introduced a pipeline model where log data could be filtered, parsed, transformed, and routed to multiple destinations.
Over time, syslog‑ng™ became one of the most widely used syslog implementations in open-source logging infrastructure and enterprise deployments.
Balázs has spent more than two decades working on logging infrastructure, security data pipelines, and large-scale log processing systems. Axoflow builds on his work on syslog‑ng and AxoSyslog (a GPLv3 fork of syslog-ng™).
Understanding syslog
Syslog is one of the oldest and most widely adopted logging protocols. Routers, Linux servers, databases, and many applications generate syslog messages as part of their normal operation.
Because of this ubiquity, syslog often becomes the foundation of centralized logging systems.
However, the protocol evolved gradually through different RFCs and implementations. Message formats, transports, and reliability guarantees can vary depending on the environment.
The articles collected in Syslogopedia explain:
- how syslog messages are structured
- how different syslog transports work
- how implementations such as syslog-ng extend the protocol
- how logging pipelines process and route messages
.webp)
Technical discussions and webinars
Architecture sessions for engineers
In addition to written articles, the Axoflow team regularly hosts technical sessions focused on syslog architectures and log pipeline design.
.png)
Resilient Syslog Architectures
Attend our webinar by syslog-ng creator Balazs Scheidler and learn how you can improve your syslog architecture and log collection!
.png)
Syslog: Unlock Real-Time Visibility 1-2-3!
If you think “syslog is dead,” think again. With the right monitoring and visual insights, you can transform this tried-and-true protocol into a modern, efficient, and reliable foundation for enterprise logging.
Axosyslog
AxoSyslog builds on the foundations of syslog-ng™ while adapting the logging engine for modern infrastructure environments.
Comparisons and technical evaluations
Understanding different logging approaches
Several technical comparisons explore how different logging solutions approach pipeline design and observability integration. These pages examine architectural differences and practical trade-offs between implementations.
Axoflow Platform vs syslog-ng PE
AxoSyslog vs syslog-ng
Open source and community
Where syslog engineers collaborate
The syslog ecosystem includes an active community of engineers working on logging infrastructure.
syslog-ng subreddit
The syslog-ng subreddit hosts discussions about configuration, troubleshooting, and architecture questions:
AxoSyslog Discord server
The AxoSyslog Discord server provides a space for engineers to exchange ideas and discuss logging technologies: