diff --git a/ChangeLog b/ChangeLog
index 513dbff..53333c4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -19,6 +19,8 @@ vNEXT:
 
 	Added probes for UDP protocols QUICK and Teamspeak.
 
+	Added probes for syslog protocol.
+
 	sslh-select refactored to change linear searches
 	through connections to linear searches through
 	fd_set.
diff --git a/probe.c b/probe.c
index 38b867c..28e58fe 100644
--- a/probe.c
+++ b/probe.c
@@ -40,6 +40,7 @@ static int is_adb_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_
 static int is_socks5_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item*);
 static int is_quick_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item*);
 static int is_teamspeak_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item*);
+static int is_syslog_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item*);
 static int is_true(const char *p, ssize_t len, struct sslhcfg_protocols_item* proto) { return 1; }
 
 /* Table of protocols that have a built-in probe
@@ -56,6 +57,7 @@ static struct protocol_probe_desc builtins[] = {
     { "socks5",     is_socks5_protocol },
     { "quick50",    is_quick_protocol },
     { "teamspeak",  is_teamspeak_protocol },
+    { "syslog",     is_syslog_protocol },
     { "anyprot",    is_true }
 };
 
@@ -311,6 +313,19 @@ static int is_teamspeak_protocol(const char *p, ssize_t len, struct sslhcfg_prot
     return memmem(p, len, "TS3INIT1", 8) ? 1 : 0;
 }
 
+static int is_syslog_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item* proto)
+{
+    int res, i, j;
+
+    res = sscanf(p, "<%d>", &i);
+    if (res == 1) return 1;
+
+    res = sscanf(p, "%d <%d>", &i, &j);
+    if (res == 2) return 1;
+
+    return 0;
+}
+
 static int regex_probe(const char *p, ssize_t len, struct sslhcfg_protocols_item* proto)
 {
 #ifdef ENABLE_REGEX
diff --git a/sslh-conf.c b/sslh-conf.c
index 86e1e6b..cf255a8 100644
--- a/sslh-conf.c
+++ b/sslh-conf.c
@@ -1,5 +1,5 @@
 /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README)
- * on Sun Aug  1 21:58:56 2021. 
+ * on Wed Aug  4 09:40:03 2021. 
 
 # conf2struct: generate libconf parsers that read to structs
 # Copyright (C) 2018-2021  Yves Rutschle
@@ -466,6 +466,7 @@ struct arg_file* sslhcfg_conffile;
  	struct arg_str* sslhcfg_socks5;
  	struct arg_str* sslhcfg_quick50;
  	struct arg_str* sslhcfg_teamspeak;
+ 	struct arg_str* sslhcfg_syslog;
  	struct arg_str* sslhcfg_anyprot;
  struct arg_end* sslhcfg_end;
 
@@ -1020,6 +1021,14 @@ static struct compound_cl_target sslhcfg_anyprot_targets [] = {
 	{ 0 }
 };
 
+static struct compound_cl_target sslhcfg_syslog_targets [] = {
+	{ & table_sslhcfg_protocols[0], 0, .value.def_string = "syslog" },
+	{ & table_sslhcfg_protocols[1], 1, .value.def_string = "0" },
+	{ & table_sslhcfg_protocols[2], 2, .value.def_string = "0" },
+	{ & table_sslhcfg_protocols[9], 0, .value.def_int = 1 },
+	{ 0 }
+};
+
 static struct compound_cl_target sslhcfg_teamspeak_targets [] = {
 	{ & table_sslhcfg_protocols[0], 0, .value.def_string = "teamspeak" },
 	{ & table_sslhcfg_protocols[1], 1, .value.def_string = "0" },
@@ -1246,6 +1255,18 @@ static struct compound_cl_arg compound_cl_args[] = {
             .override_const = "teamspeak",
         },
 
+        {   /* arg: syslog */
+            .regex =           "(.+):(\\w+)",
+            .arg_cl =          & sslhcfg_syslog,
+            .base_entry =      & table_sslhcfg [13],
+            .targets =         sslhcfg_syslog_targets,
+
+
+            .override_desc =   & table_sslhcfg_protocols [0],
+            .override_matchindex = 0,
+            .override_const = "syslog",
+        },
+
         {   /* arg: anyprot */
             .regex =           "(.+):(\\w+)",
             .arg_cl =          & sslhcfg_anyprot,
@@ -1937,6 +1958,7 @@ int sslhcfg_cl_parse(int argc, char* argv[], struct sslhcfg_item* cfg)
  	sslhcfg_socks5 = arg_strn(NULL, "socks5", "<host:port>", 0, 10, "Set up socks5 target"),
  	sslhcfg_quick50 = arg_strn(NULL, "quick50", "<host:port>", 0, 10, "Set up QUICK-50 target"),
  	sslhcfg_teamspeak = arg_strn(NULL, "teamspeak", "<host:port>", 0, 10, "Set up Teamspeak3 target"),
+ 	sslhcfg_syslog = arg_strn(NULL, "syslog", "<host:port>", 0, 10, "Set up syslog target"),
  	sslhcfg_anyprot = arg_strn(NULL, "anyprot", "<host:port>", 0, 10, "Set up default target"),
  	sslhcfg_end = arg_end(10)
 
diff --git a/sslh-conf.h b/sslh-conf.h
index 4219d21..c94c41d 100644
--- a/sslh-conf.h
+++ b/sslh-conf.h
@@ -1,5 +1,5 @@
 /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README)
- * on Sun Aug  1 21:58:56 2021. 
+ * on Wed Aug  4 09:40:03 2021. 
 
 # conf2struct: generate libconf parsers that read to structs
 # Copyright (C) 2018-2021  Yves Rutschle
diff --git a/sslhconf.cfg b/sslhconf.cfg
index efb8cde..6881b2d 100644
--- a/sslhconf.cfg
+++ b/sslhconf.cfg
@@ -244,6 +244,17 @@ cl_groups: (
         { path: "log_level"; value: 1 }
         );
     },
+    { name: "syslog"; pattern: "(.+):(\w+)"; description: "Set up syslog target";
+        list: "protocols";
+        override: "name";
+        argdesc: "<host:port>";
+        targets: (
+        { path: "name"; value: "syslog" },
+        { path: "host"; value: "$1" },
+        { path: "port"; value: "$2" },
+        { path: "log_level"; value: 1 }
+        );
+    },
     { name: "anyprot"; pattern: "(.+):(\w+)"; description: "Set up default target";
         list: "protocols";
         override: "name";
diff --git a/t b/t
index 0f85dc3..7f8185c 100755
--- a/t
+++ b/t
@@ -137,6 +137,7 @@ sub test_probes {
                 data => "\x16\x03\x01\x00\xab\x01\x00\x00\xa7\x03\x03\x89\x22\x33\x95\x43\x7a\xc3\x89\x45\x51\x12\x3c\x28\x24\x1b\x6a\x78\xbf\xbe\x95\xd8\x90\x58\xd7\x65\xf7\xbb\x2d\xb2\x8d\xa0\x75\x00\x00\x38\xc0\x2c\xc0\x30\x00\x9f\xcc\xa9\xcc\xa8\xcc\xaa\xc0\x2b\xc0\x2f\x00\x9e\xc0\x24\xc0\x28\x00\x6b\xc0\x23\xc0\x27\x00\x67\xc0\x0a\xc0\x14\x00\x39\xc0\x09\xc0\x13\x00\x33\x00\x9d\x00\x9c\x00\x3d\x00\x3c\x00\x35\x00\x2f\x00\xff\x01\x00\x00\x46\x00\x0b\x00\x04\x03\x00\x01\x02\x00\x0a\x00\x0a\x00\x08\x00\x1d\x00\x17\x00\x19\x00\x18\x00\x23\x00\x00\x00\x0d\x00\x20\x00\x1e\x06\x01\x06\x02\x06\x03\x05\x01\x05\x02\x05\x03\x04\x01\x04\x02\x04\x03\x03\x01\x03\x02\x03\x03\x02\x01\x02\x02\x02\x03\x00\x16\x00\x00\x00\x17\x00\x00hello tls alone"
             },
             'openvpn' => { data => "\x00\x00" },
+            'syslog' => { data => "<42> My syslog message" },
             'tinc' => { data => "0 hello" },
             'xmpp' => {data => "I should get a real jabber connection initialisation here" },
             'adb' => { data => "CNXN....................host:..." },
diff --git a/test.cfg b/test.cfg
index 5fa4189..7dd66ea 100644
--- a/test.cfg
+++ b/test.cfg
@@ -31,8 +31,7 @@ protocols:
      { name: "openvpn";  host: "localhost"; port: "9004"; },
      { name: "xmpp";  host: "localhost"; port: "9009"; },
      { name: "adb";  host: "localhost"; port: "9010"; },
-     { name: "quick50"; host: "localhost"; is_udp: true; port: "9011"; },
-     { name: "teamspeak"; host: "localhost"; is_udp: true; port: "9012"; },
+     { name: "syslog"; host: "localhost"; port: "9013"; },
      { name: "regex"; host: "ip4-localhost"; is_udp: true; port: "9020";
          udp_timeout: 30;
          regex_patterns: [ "^foo" ];