Syslog is a network protocol as described in RFC 5424 and RFC 3164 before that.
-AND-
Syslog is a standard in the *nix world. It's how you do logging. Even on just the local machine, UDP packets are never created. (Right?) The protocol, and the RFC, do not apply here.
What is Syslog predominantly, a protocol or a logging standard? Why?
I'm asking this so that I can update the Wikipedia page with the relevant information. In editing the page, do I focus on the protocol or the standard? It's not possible to do both. The answer to this question will be taken into account in deciding whether the page needs to be split into [Syslog] and [Syslog protocol] or not.
Syslog names an event notification system which originated with BSD UNIX. There are two standard interfaces to it.
One interface is in the UNIX standard. It consists of the openlog(), setlogmask(), syslog(), and closelog() functions, and the definitions in syslog.h. Applications can use this interface to create events. Events might go to a file, a console, a list of users, or a remote host; this is not determined by the standard. In Linux, the disposition of events is handled by the syslogd process, following the local policy defined in the file /etc/syslog.conf.
The other interface is described by RFC 3164 and updated in RFC 5424. It consists of a protocol for transmitting events to a remote host with UDP. Applications can use this interface to create events, but the more common user of the syslog protocol is syslogd itself, when it is forwarding events to a remote host.
It is wrong to say that UDP syslog packets are never created by UNIX hosts. When there are several hosts to manage, it is common practice to funnel some or all of the events to a designated host, so that there is one error log to monitor instead of many.
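The two interfaces described in this answer, side by side, as an added example that is not part of the original answer: the same event is raised once through the syslog.h functions and once as a UDP datagram carrying the `<PRI>` header of RFC 3164. The helper names `build_datagram` and `parse_pri`, the tag, the message and the 127.0.0.1 destination are assumptions made for illustration; the datagram omits the optional timestamp and hostname fields.

```c
#include <stdio.h>
#include <syslog.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <sys/socket.h>

/* Hypothetical helper: format "<PRI>TAG: MSG" into buf.
 * syslog.h facilities are already shifted left by 3, so facility|severity
 * is the PRI number (facility code * 8 + severity) sent on the wire. */
int build_datagram(char *buf, size_t len, int facility, int severity,
                   const char *tag, const char *msg)
{
    int n = snprintf(buf, len, "<%d>%s: %s", facility | severity, tag, msg);
    return (n < 0 || (size_t)n >= len) ? -1 : n;   /* -1 if truncated */
}

/* Hypothetical helper for the receiving side: split PRI into facility
 * code and severity; -1 if the header is malformed or PRI exceeds 191. */
int parse_pri(const char *pkt, int *facility, int *severity)
{
    int pri = 0, i = 1;
    if (pkt[0] != '<' || pkt[1] < '0' || pkt[1] > '9') return -1;
    while (i <= 3 && pkt[i] >= '0' && pkt[i] <= '9')
        pri = pri * 10 + (pkt[i++] - '0');
    if (pkt[i] != '>' || pri > 191) return -1;
    *facility = pri >> 3;
    *severity = pri & 7;
    return 0;
}

int main(void)
{
    char pkt[1024];
    /* Interface 1: local API; where the event ends up is local policy. */
    openlog("demo", LOG_PID, LOG_AUTH);
    syslog(LOG_ERR, "login failed for %s", "alice");   /* constructed event */
    closelog();

    /* Interface 2: the same event as a UDP datagram to port 514. */
    int n = build_datagram(pkt, sizeof pkt, LOG_AUTH, LOG_ERR,
                           "demo", "login failed for alice");
    struct sockaddr_in dst = { .sin_family = AF_INET, .sin_port = htons(514) };
    inet_pton(AF_INET, "127.0.0.1", &dst.sin_addr);    /* assumed collector */
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0 || n < 0) return 1;
    sendto(fd, pkt, (size_t)n, 0, (struct sockaddr *)&dst, sizeof dst);
    close(fd);
    return 0;
}
```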