Syslog Watcher 6.5 - Release Notes

Here are the major updates since Syslog Watcher 6.2.

Export From Storage

Syslog Watcher 6.5 enables you to export the collected messages from the syslog storage to various text formats such as CSV, XML and JSON. Multiple configurable exporters are supported, and previously used export settings are kept in a history.

Improved Message Viewer

Syslog Watcher 6.5 / Redesigned Viewer Toolbar

We’ve made some improvements to the design of the viewer and toolbar to enhance user-friendliness. It’s now easier to navigate through a large number of messages with the addition of the “Prev. Page” button. The details panel can now be stacked to the left or right side of the window for better screen organization. You can copy messages to the Clipboard in various formats to integrate with other tools. The view history feature lets you easily save and access previously viewed content.

Last Messages View

Based on user feedback, we have brought back the permanent “View: Latest” tab. The view with the most recent messages is available with just one click.

Syslog Watcher 6.5 / Last Messages Toolbar

Storage Archive Encryption

Password-protected storage archive files help you meet security requirements, especially when archives are copied to a remote, less secure location.

Advanced Message Formatting

Maximum field length limit

A numeric modifier limits the length of a formatted value.
Example: {MESSAGE|10} is truncated to 10 characters or fewer.

Regular expression transforms value in-place

A regular expression extracts data from a field on the fly. For example, a message has a {SRC_PORT} field equal to src_port="514".
{SRC_PORT|r/"(\d+)"/} prints the port number only: 514

Escapers prepare data for output

EscCsv is a special modifier that doubles all double quotes (") to prepare a value for output to CSV files, for example {MESSAGE|EscCsv}.
Other available escapers: EscHtml, EscSql.

Default field values

The question mark modifier sets a default value: {MSG_ID|?unknown} formats the field as unknown when {MSG_ID} is blank.
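To show how the four modifiers above behave together, here is a small Python re-implementation of the {FIELD|modifier} syntax applied to a constructed message. It is an added example, not Syslog Watcher's own code: the field names and values are made up, modifier chaining ({FIELD|a|b}) is an assumption of the example (the page shows one modifier per tag), and the csv_fields helper only exists to check that EscCsv output parses back intact.

```python
import csv
import re

# Constructed sample message fields (not taken from the release notes).
FIELDS = {
    "MESSAGE": 'user "admin" logged in from 10.0.0.7',
    "SRC_PORT": 'src_port="514"',
    "MSG_ID": "",
}

def apply_modifier(value: str, mod: str) -> str:
    """Apply one modifier from the {FIELD|modifier} syntax described above."""
    if mod.isdigit():                      # {MESSAGE|10}: maximum field length
        return value[:int(mod)]
    if mod.startswith("?"):                # {MSG_ID|?unknown}: default for a blank field
        return value if value else mod[1:]
    if mod.startswith("r/") and mod.endswith("/"):   # {SRC_PORT|r/"(\d+)"/}: regex extract
        found = re.search(mod[2:-1], value)
        if not found:
            return ""
        return found.group(1) if found.groups() else found.group(0)
    if mod == "EscCsv":                    # double every quote so the value is safe in a quoted CSV field
        return value.replace('"', '""')
    raise ValueError(f"unsupported modifier: {mod}")

# {NAME} optionally followed by |modifier parts. Chaining several modifiers is an
# assumption of this example; the page only shows a single modifier per tag.
TAG = re.compile(r"\{([A-Z_]+)((?:\|[^{}|]+)*)\}")

def format_template(template: str, fields: dict) -> str:
    """Expand every {FIELD|...} tag in template using the given message fields."""
    def expand(match: re.Match) -> str:
        value = fields.get(match.group(1), "")
        for mod in match.group(2).split("|")[1:]:
            value = apply_modifier(value, mod)
        return value
    return TAG.sub(expand, template)

def csv_fields(line: str) -> list:
    """Parse one CSV line back, to verify that EscCsv output survives a round trip."""
    return next(csv.reader([line]))

if __name__ == "__main__":
    row = format_template('"{MESSAGE|EscCsv}",{SRC_PORT|r/"(\\d+)"/},{MSG_ID|?unknown}', FIELDS)
    print(row)                                      # "user ""admin"" logged in from 10.0.0.7",514,unknown
    print(csv_fields(row))                          # ['user "admin" logged in from 10.0.0.7', '514', 'unknown']
    print(format_template("{MESSAGE|10}", FIELDS))  # user "admi
```

Without EscCsv the embedded quotes in MESSAGE would terminate the CSV field early and shift every column after it, which is exactly the kind of corruption the escaper exists to prevent.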

Versatile Report Engine

Syslog Watcher 6.5 / Syslog Report Example

Syslog Watcher 6.5 includes a new report engine that can generate reports using the collected syslog messages.

SQL powers report templates for flexible data collection. A customizable text output means a wide variety of reports can now be generated.

New Filter Features

Numeric value comparison

Number comparisons are handled correctly, for example: {PORT_NUMBER} < 1024. (Do not enclose numbers in quotes; a quoted value is compared as text.)

Filter List (FL) files and IN operator

Filter lists let you simplify filter expressions and keep data separate from logic, for example: {SRC_IP} IN allowed_ips.
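The following Python evaluator, added here as an illustration rather than taken from Syslog Watcher, applies a {FIELD} <operator> <operand> filter to a constructed message. It covers the numeric comparison from the previous item, the IN operator and the NOT_IN operator listed in version 6.5.4; the one-value-per-line layout of the "allowed_ips" filter list, the sample IPs and the treatment of a quoted operand as plain text are assumptions of the example.

```python
import re

# Constructed stand-in for an "allowed_ips" Filter List (FL) file; the
# one-value-per-line layout is an assumption of this example.
ALLOWED_IPS_FL = """10.0.0.7
10.0.0.8
192.168.1.20
"""
FILTER_LISTS = {"allowed_ips": set(ALLOWED_IPS_FL.split())}

OPS = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b, ">": lambda a, b: a > b,
       ">=": lambda a, b: a >= b, "=": lambda a, b: a == b, "!=": lambda a, b: a != b}
EXPR = re.compile(r"\s*\{(\w+)\}\s+(<=|>=|!=|<|>|=|IN|NOT_IN)\s+(.+?)\s*$")

def evaluate(expr: str, fields: dict) -> bool:
    """Evaluate one filter expression of the form {FIELD} <op> <operand> against a message."""
    m = EXPR.fullmatch(expr)
    if not m:
        raise ValueError(f"cannot parse filter: {expr!r}")
    name, op, operand = m.groups()
    value = fields.get(name, "")
    if op in ("IN", "NOT_IN"):
        members = FILTER_LISTS[operand]      # the operand names a filter list
        return (value in members) == (op == "IN")
    if operand.startswith('"') and operand.endswith('"'):
        # Quoted operand: plain string comparison, i.e. lexical order, not numeric.
        return OPS[op](value, operand[1:-1])
    try:
        # Unquoted number: compare numerically so that 80 < 1024 holds.
        return OPS[op](float(value), float(operand))
    except ValueError:
        return False                          # non-numeric field value cannot match a numeric test

# Constructed sample messages (field values as strings, as a parser would deliver them).
MSG_SYSLOG = {"PORT_NUMBER": "80", "SRC_IP": "10.0.0.7"}
MSG_OTHER = {"PORT_NUMBER": "8080", "SRC_IP": "203.0.113.5"}

if __name__ == "__main__":
    print(evaluate("{PORT_NUMBER} < 1024", MSG_SYSLOG))        # True  (numeric: 80 < 1024)
    print(evaluate('{PORT_NUMBER} < "1024"', MSG_SYSLOG))      # False (lexical: "80" sorts after "1024")
    print(evaluate("{SRC_IP} IN allowed_ips", MSG_OTHER))      # False
    print(evaluate("{SRC_IP} NOT_IN allowed_ips", MSG_OTHER))  # True
```

The second call is the pitfall behind "do not enclose numbers in quotes": compared as text, "80" sorts after "1024" because '8' comes after '1', so a quoted privileged-port check would silently miss port 80.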

The advanced formatting modifiers described above can also be used inside filter expressions.

Knowledge Base (KB) Files

Syslog Watcher 5’s support for VendorPack files containing vendor-specific information was a well-received feature. Syslog Watcher 6.5 introduces Knowledge Base (KB) files, which offer even more advanced capabilities: KB files supply extra information about messages and give great flexibility in formatting them for output and export.

Message Context

The message context feature lets you add extra data fields to a message; those fields can themselves be built from other fields, and so on. This is useful for complex processing and transformation of messages.

Miscellaneous Improvements

  • Redesigned syslog parser with sections
  • File size limitation for Export to Files
  • Allow only incoming messages with keywords

Version History

Version 6.5.10 (July 8, 2024)
  • FIXED Extracting message fields (shorter messages with many fields)
  • IMPROVED Handling transactions while exporting to external databases
Version 6.5.9 (June 12, 2024)
  • FIXED Processing of multiline messages in email alerts
  • IMPROVED Handling file locking when exporting to files
  • IMPROVED Updated SQLite to version 3.46.0
  • IMPROVED Updated OpenSSL to version 3.1.6
Version 6.5.8 (February 14, 2024)
  • FIXED Creating/modifying originator groups
  • FIXED Handling message context for grid layout
  • FIXED Brackets in the SD field (Standard IETF syslog parser)
  • IMPROVED Updated SQLite to version 3.45.1
  • IMPROVED Updated OpenSSL to version 3.1.5
Version 6.5.7 (January 19, 2024)
  • FIXED Extracting data fields with a regular expression (parser, viewer and features)
Version 6.5.6 (January 10, 2024)
  • FIXED Support for Windows 7 / Windows Server 2008
  • IMPROVED Minor UI improvements
  • IMPROVED SQLite updated to version 3.44.2
  • IMPROVED OpenSSL updated to version 3.1.4
  • IMPROVED Timezone database updated to 2023d
Version 6.5.5 (December 3, 2023)
  • FIXED Forwarding syslog messages over TLS
  • FIXED Receiving syslog messages over TLS v1.0/v1.1
  • FIXED Changing HPF (hours per file) storage parameter
  • ADDED Copying parsed messages to the clipboard in JSON format
  • IMPROVED Minor UI improvements
Version 6.5.4 (September 24, 2023)
  • ADDED Field enumeration tag {*|...}
  • ADDED NOT_IN operator for filters
  • ADDED Option to set email subject for alerts
  • ADDED Built-in view layout for CEF-formatted logs
  • FIXED Minor UI changes and improvements
Version 6.5.3 RC (August 30, 2023)
  • FIXED Maximum number of messages per view and pagination
  • ADDED Advanced report template with charts
  • ADDED View layout with RFC fields
  • IMPROVED Minor UI improvements
Version 6.5.2 RC (August 5, 2023)
  • IMPROVED Server status tab
  • ADDED Filter operator: DOES_NOT_CONTAIN
  • FIXED Email alert triggering
Version 6.5.1 RC (July 13, 2023)
  • IMPROVED Lots of minor fixes and improvements
Version 6.5.0 BETA (June 15, 2023)
  • INFO Initial release of Syslog Watcher 6.5