Logging system messages sounds easy enough. All a program needs is to append new lines at the end of a file. However, this simple approach has very limited flexibility. To offer flexibilities that are applicable to all programs, most Linux systems use a daemon to handle the logging of messages. The daemon is commonly known as syslogd. As a daemon, the process listens to several interfaces for requests to log to files.
The most common interface is a “socket” in the local file system. However, syslogd is also capable of listening to remote hosts. In a trusted network environment, a computer (workstation or server) can rely on another computer to store and process its logs. This is particularly helpful when diskless workstations are to be deployed.