What is the difference between SETP and Syslog?
This article explains the differences between SETP (Secure Event Transfer Protocol) and traditional Syslog, and when to use each protocol.
Traditional Syslog (UDP-based)
Traditional Syslog has been widely used for log message transfer for decades. Here are its characteristics:
- Protocol: UDP-based transmission
- Reliability: No guarantee of message delivery (best-effort delivery)
- Parsing: Limited field parsing – most database fields may remain empty
- Security: No built-in encryption or authentication
- Compatibility: Widely supported across network devices and servers
- Standards: RFC 3164 (traditional), RFC 5424 (structured), RFC 3195 (reliable)
For more details about Syslog, please visit:
http://www.monitorware.com/common/en/articles/syslog-described.asp
SETP (Secure Event Transfer Protocol)
SETP is Adiscons proprietary protocol designed to address the limitations of traditional Syslog:
- Protocol: TCP-based transmission
- Reliability: Guaranteed message delivery with acknowledgment
- Parsing: Complete field parsing – all database fields are populated
- Security: Built-in support for encryption and authentication
- Data Integrity: Full monitoring capabilities with complete field information
- Reporting: Enables more meaningful reports since all database fields contain data
Key Differences Summary
| Feature | Traditional Syslog | SETP |
|---|---|---|
| Transport | UDP | TCP |
| Delivery Guarantee | No | Yes |
| Field Parsing | Limited | Complete |
| Security | Basic | Enhanced |
| Best For | Network devices, compatibility | Internal systems, reliable logging |
When to Use Each Protocol
Use Traditional Syslog when:
- You need compatibility with network devices (routers, switches, firewalls)
- You are integrating with systems that only support Syslog
- You can tolerate occasional message loss
- You are sending logs across untrusted networks where UDP is preferred
Use SETP when:
- You require guaranteed message delivery
- You need complete database field population for comprehensive reporting
- You are logging from Windows servers and applications
- You need enhanced security and data integrity
- You are operating in a controlled, internal network environment
Important Considerations
Protocol Compatibility: Both the sender and receiver must support the same protocol. You cannot send data using SETP from MonitorWare Agent and receive it with a standard Syslog server that only supports UDP Syslog.
Modern Syslog Standards: While traditional UDP-based Syslog has limitations, newer standards like RFC 3195 (reliable syslog) and RFC 5424 (structured syslog) have been developed to address some of these issues. Adiscon products support these modern standards, which improve upon traditional Syslog while maintaining compatibility.
Migration Path: Many organizations use traditional Syslog for network devices and SETP for internal Windows-based logging. This hybrid approach provides the best of both worlds – compatibility with network infrastructure and reliability for critical application logging.