From 6d0ea31c27706ddf21cd0de2bbce797358cf39e5 Mon Sep 17 00:00:00 2001 From: Izaya Date: Wed, 25 Jul 2018 21:28:25 +1000 Subject: [PATCH] protocol documentation for syslog --- syslog/syslog-protocol.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 syslog/syslog-protocol.md diff --git a/syslog/syslog-protocol.md b/syslog/syslog-protocol.md new file mode 100644 index 0000000..637cbc1 --- /dev/null +++ b/syslog/syslog-protocol.md @@ -0,0 +1,17 @@ +# Syslog - Simple, network-capable event logging. + +Logging is an important part of monitoring and maintaining a computer system. In the Unix world, you have [syslog](https://en.wikipedia.org/wiki/Syslog), which is, indeed, the inspiration of the Minitel syslog protocol. + +Syslog for Minitel is a simple protocol designed for ease of implementation and filtering, and uses port 514 by default. + +## Packet format + +A syslog packet may be reliable or unreliable, and may not be larger than 4096 bytes. Each packet consists of 3 sections, separated by tabs: + +- The *service* field, containing the name of the service or other software that generated the event. +- The *level* field, a number indicating the severity of the event, as specified in [RFC 5424, section 6.2.1, table 2.](https://tools.ietf.org/html/rfc5424#section-6.2.1) +- The *message* field, containing information about the event. + +## Behavior of syslog servers + +Once an event is received over the network, the server may choose to save, relay, filter or drop an event as it chooses.
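Review bot: In the "Packet format" section, the three fields are "separated by tabs", but the text does not say whether the *service* or *message* field may itself contain a tab or a newline, so two implementations can split the same packet differently, and a server that saves events line by line can be made to record a forged extra entry by a message with an embedded newline. Suggest stating that *service* must not contain tabs, that the packet is split on the first two tabs only so that everything after the second tab is the *message*, and how control characters in *message* are to be handled when an event is stored or relayed. The *level* field is described only as "a number": the spec should say it is encoded as ASCII decimal in the range 0 to 7, matching the RFC 5424 table it links to, and the "Behavior of syslog servers" section should say what a server does with a packet that has fewer than three fields, a non-numeric or out-of-range level, or more than 4096 bytes. It is also worth noting in the document that the *service* field is supplied by the sender and is not authenticated, so servers should not treat it as proof of origin when filtering.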