Features

syslog messages from multiple originators are collected by the server

Syslog Collector

Syslog collector is an essential component of the syslog server. The syslog message collector in Syslog Watcher accepts system messages from any network equipment, supports all major protocols and standards, and can handle heavy traffic flow.

High-performance architecture for thousands of connections
Syslog over UDP (RFC5426 ), reliable Syslog over TCP (RFC6587 )
Reliable and secure Syslog over an encrypted TLS (RFC5425 )
Unlimited number of local IPv4/IPv6 addresses to listen to
Support for messages that passed through a syslog relay (proxy)
Severity and keyword filters to screen out unwanted syslog messages
Adjustable socket buffer size and maximum message length
COMING Access Control Lists (ACL) with traffic shaping

Syslog Storage

Syslog storage is the crucial part that interconnects component of a syslog server. The syslog storage in Syslog Watcher is fast, efficient, and suitable for most use cases.

Optimized syslog storage architecture based on SQLite engine
High writing (35k+ msg/s) and sequential reading (250k+ msg/s) speed
Maximum storage size is only limited by hardware (disk space)
Option to limit the syslog storage size or retention period (days)
Syslog messages are indexed by originator/severity for faster access
Flexible groups of originators simplify message filtering and analysis

Syslog Archive

Syslog storage archive is a compressed (optionally encrypted) copy of the collected syslog messages, which may be stored in remote storage or the cloud.

Daily syncs make the archive an up-to-date backup of the syslog storage
Incremental updates provide optimal size and eliminate redundant data
Compressed archive stores 10х more syslog messages in the same disk space
Encrypted syslog archive ensures that the collected messages are kept safe
COMING Post-synchronization script for integration with cloud services

a syslog message is decomposed into useful pieces of information

Syslog Message Parser

Extracting practical data from collected syslog messages is extremely important. Customizable syslog parsers allow Syslog Watcher to support most syslog message formats.

Regular expressions extract useful data fields from syslog messages
Standard syslog in BSD (RFC3164 ) and IETF (RFC5424 ) format
Built-in support for CEF syslog format and COMING LEEF syslog format
Support for UTF-8 and other non-ASCII message encodings
Multiple parsers, selected individually for each syslog originator
Knowledge Base (KB) files are a powerful tool for turning syslog message identifiers into useful information

Syslog Message Viewer

Collected syslog data are only useful if you can view, filter and search syslog messages. Complex filter expressions enable syslog viewers to find problems and determine their causes. Syslog viewers support layout customization and colorization rules for better data visualization.

Multi-window syslog viewer for search and message filtering results
View recently received syslog messages with auto-refresh feature
Fully customizable table layout to show only important message parts
Filter-based colorization (color/background) rules improves skimming
User-defined HTML-based template to display message details
Virtualized display table makes it easy to view millions of messages
Rich controls to set, shift, and adjust time range for messages
Instant search for the messages loaded into the grid

Monitoring and Alerts

A critical feature of Syslog Watcher is its ability to monitor incoming messages and promptly notify administrators about issues in real time.

Alerts in response to incoming syslog messages that match complex filters
Sending syslog alerts as emails (SMTP) to administrators, multiple alert groups
Consolidate multiple alerts into one email to reduce the email server load
COMING Forwarding alerts to third-party services via HTTP requests
COMING Counters for generating alerts based on multiple messages, their frequency or absence

syslog report example with pie and bar charts

Log Analysis and Reports

A syslog server collects millions of messages per hour. Analyzing the logs and generating reports based on the examination results are vital features.

Powered by advanced syslog filters, syslog parsers, and data extraction
Flexible report file format based on HTML/CSS with JavaScript
Powerful SQL-backed data collection commands
COMING Scheduled report generation
COMING Sending syslog reports by email

central component forwards syslog messages to other solutions

Log Export and Forwarding

Export and forwarding are important features for integrating Syslog Watcher with other monitoring and data analysis solutions.

Applying complex filters to export/forward only the necessary messages
Export syslog messages to any (SQL, NoSQL) database via ODBC
Export syslog messages to any (CSV, XML, JSON, etc.) text file types
Forward syslog messages (via UDP/TCP/TLS) to another syslog server or SIEM
Flexible data transformation before export or forwarding