Syslog Watcher - Powerful Syslog Server for Windows OS
Syslog Watcher Pro 一款高性能容易使用的WINDOWS syslog服務程式,彙集所有不同的來源的syslog資訊進行分析, 驗核並查明故障。
從網路設備和工作站收集系統日誌資料。Syslog Watcher Pro通過 UDP 和 TCP 協定,從網路設備收集 syslog 資訊和在 IPv4 和 IPv6 網路中工作。
Syslog Watcher can collect, parse, store and analyze syslogs from:
• firewalls / switches / routers / modems of any vendor
• network hosts and servers (Windows, Unix, Linux, etc.)
• syslog forwarders (to forward Windows Event Log to syslog server use Eventlog Inspector)
• any syslog enabled devices or appliances
• any software that can send its own logs via syslog
Syslog Watcher是一種高性能 Syslog 伺服器
Syslog Watcher stores the syslog messages in a special storage. It is a specially optimized type of database. The syslog storage is designed by taking into account the specific requirements of syslog server.
The diagram below shows the positive performance of the program. Syslog Watcher provides a comfortable work environment while displaying up to a million syslog messages.
智慧系統日誌解析
The vendors of devices and program developers often do not follow the RFC3164 standard. In other words, syslog messages that a syslog server receives may not be correctly recognized based only on the specification. Especially, frequent cases have a non-standard format of the date and additional tag (e.g., origin-id).
Our pride is in the intellectual parser of syslog content. This syslog parser attempts to determine the type of syslog source and correctly handle many deviations from the standard.We are constantly working to improve it. If you suppose that Syslog Watcher does not parse syslog from your sources correctly, please send us examples, and we will add support for it.
Syslog Watcher Features
High Performance
Syslog Watcher has a high efficient multi-threaded architecture optimized for better performance.
Fast Syslog Storage
Syslog storage is designed to work under heavy load and can process thousands of syslog messages per second.
Advanced Networking
Syslog Watcher supports IPv4/IPv6 interfaces and Syslog over UPD as well as Syslog over TCP for reliability.
Email Alerts
Syslog Watcher generates emails in response to incoming syslogs to alert an administrator about important events.
Export to Database
Syslog Watcher can export collected data to any (SQL, NoSQL, file-based) database via ODBC connectors.
Export to Files
Syslog Watcher supports exporting collected syslog messages to any text file types, e.g., CSV, XML, JSON, etc.
Vendor Pack
Syslog reference that contains the meaning and recommended actions for more than 14,000 syslog messages.
Comprehensive Filtering
Syslog Watcher uses unified filtering rules for all operations. It includes processing of the message body using RegExps.
Smart Parser
The intellectual syslog parser determines the source type and correctly handles deviations from the standard.
| License | Free | Lite | Professional | Enterprise | Ultimate |
| Network Subsystem | |||||
| Unlimited number of IPv4/IPv6 network interfaces | V | V | V | V | V |
| Standard syslog over UDP (RFC5426) | V | V | V | V | V |
| Reliable syslog over TCP (RFC6587) | V | V | V | V | V |
| Secure and reliable syslog over TLS (RFC5425) | V | V | V | V | V |
| Maximum number of concurrently connected TCP/TLS clients | 3 | 10 | 50 | 250 | 10 000 |
| Maximum number of messages collected per hour | 5 000 | 50 000 | 500 000 | 5 000 000 | unlimited |
| Maximum message length is limited for extended security | V | V | V | V | V |
| Message Processing | |||||
| Incoming filters to screen out unwanted messages | V | V | V | V | V |
| Support for proxied or forwarded syslog messages | V | V | V | V | V |
| Customizable message encoding for better non-ASCII support | V | V | V | V | V |
| Maximum number of syslog originators (syslog sources) | 3 | 10 | 50 | 250 | unlimited |
| Syslog parser uses regular expressions for data extraction | V | V | V | V | V |
| Option to set up different parsers for different originators | V | V | V | V | V |
| Syslog Storage | |||||
| High-speed file-based syslog storage architecture | V | V | V | V | V |
| Virtually unlimited syslog storage size | V | V | V | V | V |
| Option to limit the maximum size of the storage (GB) | V | V | V | V | V |
| Option to set the message retention period (days) | V | V | V | V | V |
| Groups for better organizing large numbers of originators | V | V | V | ||
| Multiple files per day for consistent maximum performance | V | V | |||
| Syslog Storage Archive | |||||
| Compressed storage archive for data backup | V | V | V | V | V |
| Daily synchronization of the archive with the storage | V | V | V | V | V |
| Incremental synchronization avoids storing redundant data | V | V | V | V | V |
| Syslog Forwarders | |||||
| Unlimited number of forwarders of any type | V | V | V | V | V |
| Asynchronous forward avoids losses even during traffic spikes | V | V | V | V | V |
| Pause/resume feature to continue forwarding after error recovery | V | V | V | V | V |
| Forward to another syslog server via UDP/TCP/TLS | V | V | V | V | V |
| Forward to any database via ODBC interface | V | V | V | V | V |
| Forward to files with a highly customizable folder structure | V | V | V | V | V |
| Email Alerts | |||||
| Unlimited number of email alert groups | V | V | V | V | V |
| Syslog Viewer | |||||
| Unlimited number of syslog viewers | V | V | V | V | V |
| Easy-to-use set of controls for the time interval | V | V | V | V | V |
| Paging and time interval shifting to continue viewing | V | V | V | V | V |
| Quick search among the messages loaded into the grid | V | V | V | V | V |
| Extensive options to configure the viewer layout | V | V | V | V | V |
| Highlighting messages in the grid depending on filter rules | V | V | V | V | V |
| Powerful HTML/CSS template for message details view | V | V | V | V | V |
| Multiple storage files per day for a better storage overview | V | V | |||
| Message Filtration | |||||
| Complex filter syntax allows an unlimited number of rules | V | V | V | V | V |
| Logical operations and parentheses for complex expressions | V | V | V | V | V |
| Text format of filter expressions is convenient to work with | V | V | V | V | V |
| Server Architecture | |||||
| Multi-threaded 64-bit architecture optimized for high loads | V | V | V | V | V |
| Dynamic buffers to deal with peaks in incoming traffic | V | V | V | V | V |
| Automatic backups of the server configuration | V | V | V | V | V |
| Passwords in the configuration file are stored in encrypted form | V | V | V | V | V |
Software Requirements
- 64-bit Windows platform
- Client OS: Windows 7 / 8 / 10 / 11
- Server OS: Windows 2008 / 2012 / 2016 / 2019 / 2022
- Compatible with virtual and cloud environment
Hardware Requirements
Minimum
- 64-bit CPU (1GHz, 1-core)
- 512MB RAM (for Syslog Watcher only)
- Hard-drive storage device (HDD)*
- 150MB disk space**
Recommended
- 64-bit CPU (2GHz, 4-core)
- 2GB RAM (for Syslog Watcher only)
- Solid-state storage device (SSD)*
- 250MB disk space**
* disk space required to store the collected syslog messages depends on each individual case.
** only for Syslog Watcher’s executable and logs files; configuration files.
EventLog Inspector - WINDOWS系統的管理員
EventLog Inspector 是WINDOWS系統管理員,用以擴展的Windows事件日誌管理。那裡他們可以翻譯事件日誌事件給系統日誌伺服器或轉發到指定的電子郵寄地址。使系統管理員的日常工作更容易。
EventLog Inspector, a cost-effective tool for system administrators to extend Windows event log management. The tool provides administrators the ability to translate event log events to a syslog server or forward the events to a specified email address.
► Forwards system events from Windows EventLog to a syslog server
► Exports Windows EventLog records to text files or a database
► Provides Windows EventLog reports for efficient analysis
► Generates email alerts, popups and sound notifications
► Windows XP – Windows 10 compatible, IPv6 ready
EventLog Inspector makes system administrators’ everyday job easier by taking care of critical events registered by the Windows event log. While providing a perfectly machined interface for registering and archiving system events, Windows gives little built-in support for manipulating the events being registered.
EventLog Inspector extends the capabilities of the Windows event log journal by giving system administrators the ability to do more with the events being registered. With EventLog Inspector, it becomes possible to store events from all Windows workstations on a single syslog server. The product will automatically notify the administrator about selected events by email, or send comprehensive reports on events happening on all or certain network workstations.
