yule (version
      1.2.8+) can listen on port 514/udp to collect reports from
      syslog clients. This must be enabled by using the 
      --enable-udp configure
      option when compiling. In addition, in the 
      Misc section of the configuration file,
      you must set the option 
      SetUDPActive=
      yes .
This option requires to run 
      yule either as 
      root, or as 
      SUID root. For security, 
      yule will drop root
      privileges irrevocably immediately after binding to port
      514/udp. It will assume the credentials of some compiled-in
      user. The default is 'yule', 'daemon', or 'nobody' (i.e. the
      first of these that exists on your system). You can override
      this with the 
      --enable-identity=
      USER option. Note that
      each daemon should have its own user/group, such that an
      exploit will not give write access to files owned by other
      daemons.