Syslog Watcher 6.2 vs. 5.x

Below we compare the new version 6 of our syslog server with the previous version 5. The table includes only the main differences. You can find the complete list of Syslog Watcher’s features here. We highlight the features that are superior to the similar ones in the other version.

Syslog Watcher 6 will receive updates every few months. We will update this comparison as new versions are released.

General

Syslog Watcher 6.2
  • High-performance multithreaded 64-bit architecture
  • Remote access to the server is possible via a Microsoft RDP connection
Syslog Watcher 5.x
  • High-performance 32-bit architecture
  • Built-in remote access to Syslog Watcher server

Collecting Syslog Messages

Syslog Watcher 6.2
  • Unlimited number of network interfaces
  • Receives syslog over UDP/TCP/TLS
  • Full support of RFC5424 (The Syslog Protocol)
  • Correctly handles forwarded syslog messages
  • Individually configurable parser for each originator
  • Options to drop unwanted incoming syslog messages
  • Ultimate License is required for an unlimited number of originators
Syslog Watcher 5.x
  • Only one network interface per protocol/port combination
  • Receives syslog over UDP/TCP, no TLS support
  • Partial support of RFC5424 (The Syslog Protocol)
  • Does not support forwarded syslog messages
  • Only one pre-configured built-in parser, same for all originators
  • Receives all (even unwanted) incoming syslog messages
  • Unlimited number of syslog originators

Syslog Storage

Syslog Watcher 6.2
  • Syslog storage optimized for large volumes of collected messages
  • Options to limit the maximum size of the syslog storage (GB or days)
  • Incremental compressed backups of the collected data (archive)
Syslog Watcher 5.x
  • Performance of the server degrades as the syslog storage grows
  • The syslog storage size is limited indirectly (days of collected data)
  • Full storage backups only (slow, with much redundant data)

Viewing Messages

Syslog Watcher 6.2
  • Unlimited number of independently customizable viewers
  • Complex search/filtration with logical operations, parentheses
  • Multiple, fully customizable grid viewer layouts
  • Search among already loaded messages: simple field
  • Manual viewer updates only
  • No support for VendorPack
  • Pagination: continue browsing/searching after a part is loaded
Syslog Watcher 5.x
  • Three permanent syslog viewers: last, storage, search results
  • Limited (but visual) set of filtration rules combined with the AND operator
  • Grid layout customization is limited (show/hide column only)
  • QuickFind and QuickFilter for already loaded messages
  • Live view of last N messages with automatic refresh
  • VendorPack with helpful information about message meanings
  • Displays only the first part of requested syslog messages

Email Alerts

Syslog Watcher 6.2
  • Unlimited number of alert groups with independent SMTP settings
  • Can consolidate multiple alerts into one email
  • Additional field extractor for data transformation
  • Asynchronous alerts (retries after errors, continues after recovery)
Syslog Watcher 5.x
  • Only one group of email alerts
  • Sends email for each alert (can overflow email server)
  • Uses only data fields extracted by the built-in parser
  • Synchronous alerts (stops on errors, alerts may be lost)

Exporting to Text Files

Syslog Watcher 6.2
  • Unlimited number of exporters with complex independent filters
  • Additional field extractor for data transformation
  • Asynchronous export (retries on errors, continues after recovery)
  • Unlimited nesting depth of subfolders
  • No support for limiting the size of the exported files
  • Exports messages in UTF-8 encoding only
Syslog Watcher 5.x
  • Only one file exporter with a single filter
  • Exports “as-is” or as extracted by the built-in parser
  • Synchronous export (stops on errors, messages may be lost)
  • Only one nesting level for subfolders
  • Supports limiting the size of the exported files
  • Exports messages in any encoding

Forwarding to Another Syslog Server

Syslog Watcher 6.2
  • Unlimited number of UDP/TCP/TLS forwarders with complex filters
  • Additional field extractor for data transformation
  • Asynchronous forward (retries on errors, continues after recovery)
Syslog Watcher 5.x
  • Multiple UDP forwarders, only one TCP forwarder, no TLS support
  • Forwards “as-is” with no message modifications possible
  • Synchronous forward (stops on errors, messages may be lost)

Exporting Syslog to External Database

Syslog Watcher 6.2
  • Unlimited number of database exporters with complex filters
  • Additional field extractor for data transformation
  • Asynchronous export (retries on errors, continues after recovery)
Syslog Watcher 5.x
  • Only one database exporter with a single filter
  • Exports “as-is” or as extracted by the built-in parser
  • Synchronous export (stops on errors, messages may be lost)

Frequently Asked Questions

Q: What version do you recommend for a fresh install?
A: We recommend choosing Syslog Watcher 6 for new installations.

Q: Can I still choose version 5 for a fresh install?
A: Yes, if you think that version 5 is more suitable for your case, please use it. We continue to provide full support for Syslog Watcher 5.

Q: Do I need to upgrade my current Syslog Watcher 5 to version 6?
A: Check out the feature comparison of the two versions above. Make sure the features you use are not limited in Syslog Watcher 6. Upgrading is optional, so you can continue to use Syslog Watcher 5 if it completely suits your needs.