What is the Syslog Probe in ServiceNow and how does it work?

Summary

The Syslog Probe allows ServiceNow to send system logs or custom log messages to an external logging server using the syslog protocol over an IP network. It helps in centralizing and monitoring logs for security, compliance, or troubleshooting purposes.

How does it work?

The probe is launched using the Syslog Script Include. This script can be triggered from:

- Business Rules
- Events
- Orchestration activities

It uses a MID Server to transmit log messages to the destination. The target machine must have a syslog-compatible server running.

Prerequisites:

Before using the Syslog Probe, ensure the following:

- A configured and validated MID Server must be available in your environment.
- The external system must be running a syslog-compatible service (e.g., ArcSight, Splunk, syslog-ng, LogLogic).
- Ensure the MID Server can reach the target syslog server over the required port (typically UDP 514).
- Proper configuration in the Script Include call.
- The hostname, MID Server name, facility code, and severity level must be specified correctly.

Sample Code:

    var sl = new Syslog('FQDN of your syslog server', 'mid.server.Eclipse', 16);
    sl.log('This is a sample log message', 6);

Code Explanation:

new Syslog('FQDN', 'MID Server Name', 16)

- FQDN: Fully Qualified Domain Name of your syslog server (e.g., logs.example.com)
- 'mid.server.Eclipse': The name of the MID Server that will send the logs
- 16: Facility code (represents the source of the log message, e.g., local0)

sl.log('message', 6)

- 'This is a sample log message': The actual message that will be sent to the syslog server
- 6: Severity level (Informational)

Syslog Facility and Severity Codes:

In the syslog protocol, a facility is a way to categorize the source of the log message. It helps the syslog server organize and filter logs based on where they came from, like the kernel, mail system, local application, etc.

Facility Code | Meaning
0–7           | Kernel to news
16–23         | Local use (local0 to local7)

Severity Code | Level
0             | Emergency
1             | Alert
2             | Critical
3             | Error
4             | Warning
5             | Notice
6             | Informational
7             | Debug

Conclusion:

The Syslog Probe is a powerful way to extend your ServiceNow logging into enterprise-grade logging tools. By leveraging the MID Server and the Syslog Script Include, organizations can ensure critical logs are shared with security and monitoring tools in real time.
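
In the syslog protocol, the facility and severity codes from the tables above are combined into one priority value, PRI = facility × 8 + severity, sent as `<PRI>` at the start of each message. The following Node.js snippet is an added example, not ServiceNow code and not part of the original article: it validates the two codes and decodes the PRI on the receiving side, so you can confirm a message arrived with the facility and severity passed in the Script Include call. The sample lines are constructed, and the layout of the text after `<PRI>` is an assumption.

```javascript
// Added example: standard syslog PRI handling, independent of ServiceNow.
const SEVERITIES = ['Emergency', 'Alert', 'Critical', 'Error', 'Warning',
                    'Notice', 'Informational', 'Debug'];

// PRI = facility * 8 + severity; reject values outside the syslog ranges.
function encodePri(facility, severity) {
  if (!Number.isInteger(facility) || facility < 0 || facility > 23) {
    throw new RangeError('facility must be an integer 0-23');
  }
  if (!Number.isInteger(severity) || severity < 0 || severity > 7) {
    throw new RangeError('severity must be an integer 0-7');
  }
  return facility * 8 + severity;
}

// Parse the leading "<PRI>" of a received line back into facility/severity.
// Returns null when the header is missing or the value is out of range.
function decodeLine(line) {
  const m = /^<(\d{1,3})>(.*)$/s.exec(line);
  if (!m) return null;
  const pri = Number(m[1]);
  if (pri > 191) return null;            // 23 * 8 + 7 is the largest valid PRI
  const facility = pri >> 3;             // integer division by 8
  const severity = pri & 7;              // remainder modulo 8
  return {
    pri, facility, severity,
    // Only the local0-local7 names appear in the article; others stay numeric.
    facilityName: facility >= 16 ? 'local' + (facility - 16) : 'facility' + facility,
    severityName: SEVERITIES[severity],
    rest: m[2],
  };
}

// Receiver-side check: does the line carry the facility/severity that was sent?
function matchesExpected(line, facility, severity) {
  const d = decodeLine(line);
  return d !== null && d.pri === encodePri(facility, severity);
}

// Constructed sample lines (facility 16 with severities 6 and 3, then a bad line).
const samples = [
  '<134>This is a sample log message',
  '<131>Integration failed',
  'no priority header',
];
for (const s of samples) console.log(JSON.stringify(decodeLine(s)));
```
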

Related Links

https://www.servicenow.com/docs/bundle/yokohama-platform-administration/page/integrate/vendor-specific-integrations/reference/r_SyslogProbe.html