Internet-Security.com UDP port 514 details

UDP port 514 is used by the BSD Syslog protocol for transmitting logs.
Syslog servers that listen on UDP 514 include rsyslog (Linux), syslog-ng, and the classic syslogd on Unix/BSD.
Network devices that send logs to UDP 514 include Cisco IOS/ASA/NX-OS, Juniper JUNOS, MikroTik RouterOS, Fortinet FortiGate, Palo Alto Networks firewalls, and F5 BIG-IP.
Windows commonly uses agents like NXLog and Snare to send to/receive from UDP 514, and SolarWinds Kiwi Syslog Server listens on UDP 514.
SIEM/log platforms that ingest on UDP 514 include Graylog (Syslog UDP input), IBM QRadar, Splunk via Splunk Connect for Syslog or a heavy forwarder’s UDP input, and Logstash’s syslog input.
Virtualization and infrastructure products such as VMware ESXi/vCenter and firewall/router platforms like pfSense/OPNsense and Check Point appliances forward logs to syslog servers on UDP 514.
Security note: Open UDP 514 services are frequently probed and can be abused for log injection/spoofing or to exploit flaws in syslog receivers, though they are not typical DDoS amplification vectors.

UDP 514