Syslog has been the backbone of infrastructure logging for decades. Network devices, operating systems, firewalls, and applications rely on it to send operational data.

Yet designing a reliable logging system requires more than forwarding messages. Engineers need to understand how syslog works, how implementations differ, and how log pipelines behave under real production load.

Syslogopedia is a curated knowledge base that documents these topics. It collects technical articles, architectural explanations, and engineering practices related to syslog and syslog-based logging systems.

The content reflects decades of practical experience building and operating logging infrastructure.

Syslog and Axoflow

The original syslog daemon was designed for relatively simple environments. As infrastructure grew in size and complexity, its limitations became increasingly visible.

In 1998, software engineer Balázs Scheidler (then a university student, now the CEO of Axoflow) created syslog-ng, an enhanced implementation of syslog that supports more flexible log routing, filtering, and message processing.

Instead of simply forwarding messages, syslog-ng introduced a pipeline model where log data could be filtered, parsed, transformed, and routed to multiple destinations.

Over time, syslog-ng™ became one of the most widely used syslog implementations in open-source logging infrastructure and enterprise deployments.

Balázs has spent more than two decades working on logging infrastructure, security data pipelines, and large-scale log processing systems. Axoflow builds on his work on syslog-ng and AxoSyslog (a GPLv3 fork of syslog-ng™).

Understanding syslog

The protocol behind logging infrastructures

Syslog is one of the oldest and most widely adopted logging protocols. Routers, Linux servers, databases, and many applications generate syslog messages as part of their normal operation.

Because of this ubiquity, syslog often becomes the foundation of centralized logging systems.

However, the protocol evolved gradually through different RFCs and implementations. Message formats, transports, and reliability guarantees can vary depending on the environment.

The articles collected in Syslogopedia explain:

  • how syslog messages are structured
  • how different syslog transports work
  • how implementations such as syslog-ng extend the protocol
  • how logging pipelines process and route messages