Syslog

A wide variety of devices, such as printers, routers, and message receivers across many platforms, use the syslog standard.

Syslog originally functioned as a de facto standard, without any authoritative published specification, and many implementations existed, some of which were incompatible.

The information provided by the originator of a syslog message includes the facility code and the severity level.

For example, if the purpose of the system is to process transactions to update customer account balance information, an error in the final step should be assigned Alert level.
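
The facility code and severity level travel together in the priority (PRI) value at the start of each message, computed as facility * 8 + severity in RFC 5424. The following is an added example, not part of the original article: it decodes PRI, rejects malformed values, and selects messages at Alert level or worse. The function names, facility short names and sample messages are assumptions made for illustration.

```python
import re

# Severity names by numerical code 0-7 (RFC 5424, section 6.2.1).
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]
# Conventional short names for facility codes 0-23.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "ntp", "audit",
              "alert", "clock"] + ["local%d" % i for i in range(8)]
PRI_RE = re.compile(r"^<([0-9]{1,3})>")  # PRI: 1-3 digits in angle brackets


def decode_pri(message):
    """Return (facility, severity, rest), or None if PRI is missing/invalid."""
    m = PRI_RE.match(message)
    if not m:
        return None
    digits = m.group(1)
    if len(digits) > 1 and digits[0] == "0":  # leading zeros are not allowed
        return None
    pri = int(digits)
    if pri > 191:  # 23 * 8 + 7 is the largest valid value
        return None
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    return FACILITIES[facility], SEVERITIES[severity], message[m.end():]


def triage(messages, threshold="Alert"):
    """Return (urgent, rejected); urgent is at least as severe as threshold."""
    limit = SEVERITIES.index(threshold)
    urgent, rejected = [], []
    for msg in messages:
        decoded = decode_pri(msg)
        if decoded is None:
            rejected.append(msg)  # keep unparsable input for review
        elif SEVERITIES.index(decoded[1]) <= limit:
            urgent.append(decoded)
    return urgent, rejected


# Constructed sample messages (hosts and text are made up for this example).
SAMPLE = [
    "<137>Oct 11 22:14:15 billing01 ledger: final balance update failed",
    "<34>Oct 11 22:14:16 gw01 su: authentication failure for user ops",
    "<999>Oct 11 22:14:17 host01 app: out-of-range priority",
    "no priority header at all",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Messages with a missing or out-of-range PRI are returned separately rather than silently discarded, so a collector can review what it could not classify.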

Generated log messages may be directed to various destinations including console, files, remote syslog servers, or relays.

Most implementations provide a command line utility, often called logger, as well as a software library, to send messages to the log.

When operating over a network, syslog uses a client-server architecture where the server listens on a well-known or registered port for protocol requests from clients.

Various groups are working on draft standards detailing the use of syslog for more than just network and security event logging, such as its proposed application within the healthcare environment.

Regulations, such as the Sarbanes–Oxley Act, PCI DSS, HIPAA, and many others, require organizations to implement comprehensive security measures, which often include collecting and analyzing logs from many different sources.

Managed Security Service Providers attempt to apply analytical techniques and artificial intelligence algorithms to detect patterns and alert customers to problems.