Sending Syslog messages over TCP.
By default syslog runs over UDP port 514, and UDP, as we all know, is unreliable. Now let's say you have a couple of core devices and you want to ensure the syslog messages from these devices successfully arrive at your syslog server or NMS. In that case I would say your best bet would be to configure syslog to use TCP to send syslog messages to that destination. This is conveniently configured in one simple line:
So now syslog messages to 10.1.1.1 will be handled by TCP over port 8080. You can specify a different port number if you see it necessary; just remember to configure your syslog server to accept the syslog messages over the specific port that you configure.
You can also use this configuration to change the default UDP port used by syslog if your environment calls for it. So instead of the default UDP port 514, syslog messages will be sent over UDP port 5514 in this example:
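Added example, not part of the original post: the collector side of the TCP setup described above, in Python. TCP delivers a byte stream rather than one message per datagram, so the receiver has to split messages itself and decode the `<PRI>` header; this assumes the sender ends each message with a newline, and the sample messages and the `R1` origin-id are constructed.

```python
import re
import socketserver

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"<(\d{1,3})>(.*)", re.S)

# Constructed sample: two messages split across three TCP reads.
SAMPLE = [b"<189>45: R1: %SYS-5-CONFIG_I: Conf",
          b"igured from console\n<187>46: R1: %LINK-3-",
          b"UPDOWN: Interface FastEthernet0/0, changed state to down\n"]


def parse(line):
    """Decode the <PRI> header into facility and severity; keep the rest as text."""
    m = PRI_RE.fullmatch(line.strip())
    if not m or int(m.group(1)) > 191:  # 191 = facility 23, severity 7
        return {"facility": None, "severity": None,
                "text": line.decode("utf-8", "replace")}
    pri = int(m.group(1))
    fac = pri >> 3
    name = f"local{fac - 16}" if fac >= 16 else str(fac)
    return {"facility": name, "severity": SEVERITIES[pri & 7],
            "text": m.group(2).decode("utf-8", "replace")}


class Framer:
    """Rebuild newline-delimited messages from TCP chunks of arbitrary size."""

    def __init__(self, max_len=8192):
        self.buf, self.max_len = b"", max_len

    def feed(self, chunk):
        *lines, self.buf = (self.buf + chunk).split(b"\n")
        if len(self.buf) > self.max_len:  # line never terminated: drop it
            self.buf = b""
        return [parse(l) for l in lines if l.strip()]


class Handler(socketserver.BaseRequestHandler):
    def handle(self):
        framer = Framer()
        while chunk := self.request.recv(4096):
            for msg in framer.feed(chunk):
                print(self.client_address[0], msg)


if __name__ == "__main__":
    # Port 8080 matches the article's TCP example; 0.0.0.0 = all interfaces.
    with socketserver.ThreadingTCPServer(("0.0.0.0", 8080), Handler) as srv:
        srv.serve_forever()
```

Feeding `SAMPLE` into a `Framer` one chunk at a time yields nothing for the first read, then one complete message for each of the next two.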
You’d be surprised, I figured out how to do it myself on our R&D c1841, also set up DMVPN.
Steve Clark
March 14, 2013 at 2:35 PM
Awesome Steve, sounds like you're getting better with the Cisco side of it!
Something else you can do on the Cisco side that might be useful is specify the Origin-ID and the facility, so you might be able to store syslog messages from different routers in different files or provide an easier way to search for syslog messages from a specific router (by filtering by the Origin-ID).
Cisco Commands:
logging facility %facility%
logging origin-id string %string_name%
Stephen J. Occhiogrosso
March 23, 2013 at 11:27 AM