The answer is neither; SNMP and Syslog are both protocols that are part of an overall network management strategy that an organization may choose to use based on their business needs. If you are monitoring solely for up/down status, well known error conditions, some performance parameters and high-level troubleshooting, then SNMP will address your needs.

However, to understand individual device to device or user to device transactions then there are a number of protocols you might choose to employ to obtain that additional level of detail. Furthermore, when system security, auditing, and compliance come into play beyond basic operational monitoring needs, there is a gamut of protocols that become relevant: Syslog, Windows Event Logs, Netflow/jFlow/sFlow, SSH, Telnet, VIM, TFTP, etc.

If we limit our discussion to network devices then SNMP and Syslog are perhaps the two most important protocols, however telnet, SSH, and TFTP are typically also part of an overall management solution. Virtually all network management solutions use SNMP as their main mechanism to provide status of networked devices, however SNMP generally does not provide the granularity available through Syslog. For example, a large Cisco switch may have over 6,000 different Syslog event messages and the specific SNMP MIB for the device supports approximately 90 trap notifications.

While SNMP can typically be used to alert when a configuration changes, configurations cannot be backed up, restored, or otherwise checked for specific policy violations using SNMP, that is the realm of TFTP, and SSH/Telnet. Additionally, if you want detailed bandwidth utilization metrics on hosts and protocols traversing the network, flow records will be very important.

The important thing to realize is that no protocol is "better" than another inherently; rather each serves a different function whose necessity will depend on your business needs. Generally speaking if you have any security, auditing, or compliance needs you will need both Syslog and SNMP to meet your requirements.

(VG) VirtualGraffiti.com

(HC) HostCheetah.com