The Syslog (System Logging) protocol is a communication standard used by devices in a network to log different kinds of events, like a change in a VPN connection, the initiation of an IP connection, or the detection of a malicious file. It then becomes the work of the network administrator to go through the log files looking for any discrepancies that may indicate a problem in the network. As you can imagine, it would take a lot of time to go through each device’s logs individually, especially in a large network. And even then, you are very likely to miss an important message. This is where Syslog server software comes in.
How Does Syslog Server Software Work?
Syslog server software is installed or configured on a server to eliminate the need to log into each device individually to get its log events. Instead, all the devices send their logs to the Syslog server, where the network admin can study them. And it gets better. Syslog server software also features an alert mechanism that notifies you whenever there is a critical message that needs your immediate attention. So you end up working less but with better results.
Some Syslog servers can also act as receivers for SNMP traps, another communication standard used by network devices to send alerts to a server. However, SNMP is limited in scope in that it will only notify you of critical conditions, unlike Syslog, which collects every event and is therefore more effective for detailed monitoring.
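How a Syslog server decides that a message is critical enough to alert on, as an added example (not code from any of the products reviewed here): every message starts with a `<PRI>` value equal to facility × 8 + severity, and the server compares the severity with a threshold. The sample messages, host names and addresses are constructed.

```python
import re

# Severity names by numeric code (RFC 5424); a lower index is more urgent.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# A few common facility codes; any other code is reported as "facility<N>".
FACILITIES = {0: "kern", 1: "user", 3: "daemon", 4: "auth", 10: "authpriv",
              16: "local0", 23: "local7"}

# "<PRI>" followed by the rest of the message; PRI is one to three digits.
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)

def parse_pri(line):
    """Return (facility, severity, rest) for a syslog line, or None if malformed."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI
        return None
    facility, severity = divmod(pri, 8)
    return FACILITIES.get(facility, f"facility{facility}"), SEVERITIES[severity], m.group(2)

def alerts(lines, threshold="crit"):
    """Return (source, facility, severity, text) for messages at or above threshold."""
    limit = SEVERITIES.index(threshold)
    hits = []
    for source, line in lines:
        parsed = parse_pri(line)
        if parsed is None:
            # Surface malformed input instead of silently dropping it.
            hits.append((source, "unknown", "malformed", line))
            continue
        facility, severity, rest = parsed
        if SEVERITIES.index(severity) <= limit:
            hits.append((source, facility, severity, rest))
    return hits

# Constructed sample datagrams: (sender address as seen by the receiver, payload).
SAMPLE = [
    ("192.0.2.10", "<134>Oct 11 22:14:15 fw01 vpn: tunnel to branch-2 established"),
    ("192.0.2.10", "<34>Oct 11 22:14:20 fw01 su: 'su root' failed for user on /dev/pts/8"),
    ("192.0.2.22", "<11>Oct 11 22:15:02 sw07 stack: power supply 2 failure"),
    ("192.0.2.30", "<999>not a valid priority"),
]

if __name__ == "__main__":
    for hit in alerts(SAMPLE):
        print(hit)
```

Lowering the threshold to `"err"` also reports the power supply message from the third sample line.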
Limitations of the Syslog Standard
One downside of the Syslog standard is the lack of authentication, which makes it prone to replay attacks, although that should not be much of a problem in a secure network. Also, as you might already be aware, Windows-based devices do not support Syslog by default. Instead, they have an event log that can be accessed through the Event Viewer application that comes with the Windows OS. Therefore, if you have Windows-based devices on your network that you want to incorporate into your centralized logging system, you might have to use dedicated software like SolarWinds Event Log Forwarder for Windows. It is software that forwards the event logs as Syslog messages to the Syslog server software.
But enough of that. Let us look at what really brought you here. The best Syslog Server software. As you might imagine there are so many of them. So I will do you a favor and narrow it down to five of the best.
| # | Name | OS | Automatic Alerts | SNMP Support | TCP Support | Download |
| 1 | SolarWinds Kiwi Syslog Server | Windows | | | | Download |
| 2 | WhatsUp Gold Syslog Server | Windows | | | | Download |
| 3 | Visual Syslog Server | Windows | | | | Download |
| 5 | The Dude Syslog Server | Windows, Linux, MacOS | | | | Download |
1. SolarWinds Kiwi Syslog Server Free Edition
As a network admin, you have probably heard of SolarWinds. They are best known for their industry-leading Network Performance Monitor, but they also have a bunch of other IT management software and monitoring tools, one of which is Kiwi Syslog Server free edition. It is an excellent tool that will collect Syslog messages from any device in your network that supports the Syslog protocol. The Kiwi Syslog server is very easy to install and configure and also comes with the ability to receive SNMP messages.
The Syslog data received can be viewed through the server’s user interface or sent directly to you by email. A notable feature of the Kiwi server is the ability to create a trend analysis graph from the logged events, which definitely makes for easier monitoring.
SolarWinds has put in place various measures that allow you to access specific logs in the least time. For instance, you can open multiple instances of the log data and view them concurrently. It also allows sorting through the log files based on time or priority level. Unfortunately, this free version comes with a limitation in that it can only support 5 devices.
Therefore, for the bigger organizations, I would recommend the paid version that comes with a bunch of excellent stuff, among them a web-based console that allows you to study the logs remotely from any system. The Kiwi Syslog server only works for the Windows operating system.
2. WhatsUp Gold Syslog Server
This software was developed by Ipswitch, another popular developer of network monitoring tools, and it provides an effective way to receive, save and share Syslog data from various devices on your network. The WhatsUp Gold Syslog server allows you to view the log messages live as they are received and also sort them by importance.
It also allows you to set the type of events that trigger an alert which will promptly be sent to you as messages. With the ability to handle 6,000,000 messages per hour, this server tool is well suited for use in any organization size. All the collected Syslog messages are archived which means you have a history of all the logged files in case you need them in the future.
Additionally, the WhatsUp server allows forwarding of the log messages to a third-party application for in-depth monitoring. This server is only compatible with Windows and can either run as an application or as a server.
3. Visual Syslog Server
Visual Syslog Server is open source software that allows monitoring of devices via both UDP and TCP. The server allows you to view the messages in real time as they arrive, after which they are saved on the disk for better management.
For easy retrieval of logs from the database, the server allows you to filter them based on various aspects like the date, source address, facility, or message content. In addition to the standard email alerts, the Visual Syslog Server supports notification by displaying an alarm window, playing a sound file, and customizable notice formats.
There is definitely no way you will miss an alert with so many available options. But even if you do, this server can be set to trigger external scripted programs to act on your behalf in case of an alert. Although this server runs as an application, it is very lightweight and does not take up too many system resources. It can also be minimized to the tray when not in active use to avoid disturbing your workflow. It will still continue collecting logs in the background.
4. Syslog Watcher
Syslog Watcher is another excellent piece of software for managing log events that features a multi-threaded architecture for enhanced performance. Multi-threaded means that collecting logs and processing them are separate processes, so one does not interfere with the other. As a result, you are assured that all events from all your devices are logged to the server.
It also supports both IPv4 and IPv6 protocols and can monitor logs over UDP and TCP making it more reliable. Smart parse is another highlight feature of Syslog Watcher that enables it to handle non-Syslog messages. This server has the ability to handle thousands of logs per second and will thus have no problem handling all the devices in your network.
Once the server collects the logs you can either choose to convert them into various file formats like CSV and XML or you can store them in a database by using ODBC connectors. Once in the database, it becomes very easy to manage the data especially with the various search and sorting mechanisms allowed by the server. The server has also incorporated email notifications to alert you in case there is an important event.
5. The Dude Syslog Server
I could think of a better name for a Syslog server but let’s not judge software by its name, right? The Dude is a full-featured Network Management software that features a built-in Syslog server which can easily be activated on the server settings under the Syslog tab. The Syslog server being part of a larger tool means that you get some benefits that would otherwise be unavailable. Like the automatic detection of devices on your network for instance. Or better yet, the support for SNMP, DNS, TCP, and ICMP monitoring of devices that allow it.
Also, unlike the other software that we have looked at so far, this server tool can also work on Linux and MacOS. The log messages collected by the server are either exported to file formats or forwarded to other destinations like 3rd party applications. The Dude Syslog server also incorporates various alert methods like pop-up messages, system beeps and screen flashes. That is on top of the usual email alerts.