What application protocol enables various appliances to send logs to a central server for incident investigation?

Study for the Domain 4.0 Security Operations Test. Prepare with multiple choice questions, all with hints and explanations. Get ready to ace your exam!

The application protocol that enables various appliances to send logs to a central server for incident investigation is Syslog. Syslog is widely used because it is designed specifically for logging: it carries log messages from devices such as routers, switches, firewalls, and servers to a centralized logging server. This centralized logging capability is essential in security operations because it allows for efficient monitoring, analysis, and incident response.

Syslog supports a standardized format for log messages, which helps in the consistent interpretation of logs from different sources, making it easier to analyze incidents and troubleshoot issues. The timeliness and reliability of Syslog make it a fundamental tool in security operations for maintaining visibility into network and system activities.

In contrast, HTTP is primarily used for transferring web content, FTP is used for file transfer, and Kerberos is an authentication protocol; none of these is designed for the logging purpose that Syslog serves. Hence, when the focus is logging and incident investigation, Syslog is the appropriate choice.
