Just a note: the post that I wrote is about syslog messaging formats and the differences between them (there are various use cases as to why, but that is too long to go into here; usually in cases like sending to a SIEM).
There is Syslog as an actual messaging format (i.e. Syslog BSD, Syslog IETF) and protocol (see https://en.wikipedia.org/wiki/Syslog to read more and as a starting point). And then there are company-published Syslog implementations and various other utilities based on the protocol (i.e. Syslog-ng, Rsyslog).
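The two message formats the post above refers to are RFC 3164 (the older "BSD" style) and RFC 5424 (the IETF style), and the practical difference shows up the moment a collector or SIEM has to split the header into fields. The parser below is an added example written for this thread, not code posted by any participant and not part of any Syslog implementation mentioned here. The three sample lines are constructed for the example (the first two follow the illustrative messages in RFC 5424 and RFC 3164; the third is a BSD-style line with a PID in the TAG, as sshd writes it). The transport framing (UDP datagram, TCP octet-counting, TLS) is assumed to have already been stripped, so each input is one bare message.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed sample messages, one RFC 5424 line and two RFC 3164 lines.
SAMPLES = [
    '<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 '
    '[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] '
    'An application event log entry',
    "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8",
    '<13>Feb  5 17:32:18 10.0.0.99 sshd[1234]: Accepted publickey for root '
    'from 192.0.2.7 port 52214 ssh2',
]

# PRI = facility * 8 + severity; the tables are shared by both RFCs.
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITY = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
            "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
            "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
# SD is either the NILVALUE "-" or one or more [id param="value" ...] elements;
# param values may contain the escapes \" \] and \\, which the class below allows.
RFC5424_RE = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) '
    r'(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (?P<msg>.*))?$'
)
# RFC 3164: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[pid]: MSG  (no year, no time zone, no version)
RFC3164_RE = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<rest>.*)$'
)
TAG_RE = re.compile(r'^(?P<tag>[A-Za-z0-9_./-]{1,32})(?:\[(?P<pid>\d+)\])?:\s?(?P<msg>.*)$')
SD_ELEMENT_RE = re.compile(r'\[(?P<id>[^\s\]=]+)(?P<params>(?:\s+[^\s=\]]+="(?:[^"\\]|\\.)*")*)\]')
SD_PARAM_RE = re.compile(r'(?P<name>[^\s=]+)="(?P<value>(?:[^"\\]|\\.)*)"')


@dataclass
class SyslogMessage:
    format: str                      # "RFC5424" or "RFC3164"
    facility: int
    severity: int
    timestamp: str                   # kept as the sender wrote it (RFC 3164 has no year or zone)
    hostname: str                    # asserted by the sender, not verified by the protocol
    app_name: Optional[str]
    procid: Optional[str]
    msgid: Optional[str]             # RFC 5424 only
    structured_data: Dict[str, Dict[str, str]] = field(default_factory=dict)
    message: str = ""

    @property
    def facility_name(self) -> str:
        return FACILITY[self.facility]

    @property
    def severity_name(self) -> str:
        return SEVERITY[self.severity]


def _nil(value: str) -> Optional[str]:
    """RFC 5424 writes an absent header field as the single character '-'."""
    return None if value == "-" else value


def _unescape(value: str) -> str:
    """Undo the three escapes RFC 5424 allows inside a PARAM-VALUE."""
    return re.sub(r'\\(["\]\\])', r'\1', value)


def _split_pri(pri_text: str):
    pri = int(pri_text)
    if pri > 191:  # 23 * 8 + 7 is the largest legal PRI
        raise ValueError("PRI out of range: %d" % pri)
    return divmod(pri, 8)  # (facility, severity)


def parse_structured_data(sd: str) -> Dict[str, Dict[str, str]]:
    """Turn '[id a="1" b="2"][id2 ...]' into {id: {a: 1, b: 2}, id2: {...}}."""
    if sd == "-":
        return {}
    out: Dict[str, Dict[str, str]] = {}
    for element in SD_ELEMENT_RE.finditer(sd):
        out[element["id"]] = {p["name"]: _unescape(p["value"])
                              for p in SD_PARAM_RE.finditer(element["params"])}
    return out


def parse(line: str) -> SyslogMessage:
    """Dispatch on header shape: a VERSION digit right after <PRI> means RFC 5424,
    a 'Mmm dd hh:mm:ss' timestamp there means RFC 3164."""
    m = RFC5424_RE.match(line)
    if m:
        facility, severity = _split_pri(m["pri"])
        return SyslogMessage("RFC5424", facility, severity, m["ts"], m["host"],
                             _nil(m["app"]), _nil(m["procid"]), _nil(m["msgid"]),
                             parse_structured_data(m["sd"]), m["msg"] or "")
    m = RFC3164_RE.match(line)
    if m:
        facility, severity = _split_pri(m["pri"])
        tag = TAG_RE.match(m["rest"])
        if tag:  # TAG is optional in RFC 3164; without it the whole rest is the message
            return SyslogMessage("RFC3164", facility, severity, m["ts"], m["host"],
                                 tag["tag"], tag["pid"], None, {}, tag["msg"])
        return SyslogMessage("RFC3164", facility, severity, m["ts"], m["host"],
                             None, None, None, {}, m["rest"])
    raise ValueError("not a recognised syslog message: %r" % line[:40])


if __name__ == "__main__":
    for sample in SAMPLES:
        msg = parse(sample)
        print(msg.format, msg.facility_name, msg.severity_name, msg.hostname,
              msg.app_name, msg.procid, msg.structured_data, msg.message)
```

Two things the parser makes visible that matter when these lines land in a SIEM: the RFC 3164 timestamp carries neither year nor time zone, so the collector has to supply both (and gets them wrong across year boundaries and DST changes unless it is careful), whereas RFC 5424 carries a full timestamp and a structured-data section that can be indexed as key/value fields instead of regex-scraped from free text. In both formats the hostname and TAG/APP-NAME are whatever the sender put there, so a process that can write to the socket can impersonate another source; nothing in the format authenticates them.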
As an absolute log-o-holic I would suggest avoiding syslog anywhere you can ... there are far better log shipping solutions out there (filebeat/winlogbeat for example).
Is a great starting point about Syslog as well
I am intimately familiar with the various syslog protocols :) But my main argument was that there are better solutions for either logging or log shipping on anything that's not an appliance or a device nowadays, especially if you are serious about logging.
Just to give a small example - our logging infrastructure ingests > 20TB / day at over 1.000.000 EPS during peak times from tens of thousands of devices.
@superruserr I love these, thank you!