When it comes to network monitoring, Syslog (System Logging) tools are a vital piece of any serious network administrator’s toolkit. Every minute devices from computers to printers generate syslog messages about a variety of events. For years network administrators have used these messages to monitor enterprise-scale IT infrastructure from the top down.
In most cases these events are innocuous yet sometimes they identify serious faults within an organization’s IT setup. Syslog servers take the information generated by these systems and compile it in one place where it can be used by an administrator to monitor the network’s performance. In this article we guide you through what a Syslog server is before breaking down our ultimate list of Syslog servers for Windows and Linux.
What is Syslog?
As mentioned above, a syslog enables devices within your network to send messages about ongoing events to a syslog server where they are logged. This log acts as a record of active events throughout your IT infrastructure and allows you to view events on a large number of devices through one system and one pane of glass.
A syslog server works by taking log messages from your IT equipment and storing it in a centralized location where it can be viewed by a network administrator. Syslog servers are completely supported on Linux, Unix and MacOS systems. On Windows, Syslog can be supported through the use of third party applications as well. In terms of core components, most Syslog servers have:
- A Syslog Listener – Takes data from Syslog messages sent to UDP port 514 and stores it in a centralized location
- An Internal Database – The best Syslog servers store syslog data within an internal database.
- A Filtering system – Filtering log messages will cut down the amount of time needed to sift through all this data.
Syslog server features
A typical Syslog server will help your network administration tasks by performing the following tasks:
- Collecting syslog messages from different device types
- Performing cross-platform functions to spot message that arise from any operating system
- Provide a central storage point for all Syslog messages that arise on a WAN
- Create a logical directory structure to aid access to historical Syslog data
- Impose a standard file format for event logs
- Enable live messages to be viewed
- Provide a viewer for historical data loaded from file
The number of Syslog servers available today shows that this is a busy market. Compateing providers are making their servers increasingly sophisticated, so now it is possible to get extra Syslog management features even from free Syslog servers. Look out for bonus features. Some Syslog servers can provide these services:
- Analyze the frequency of Syslog messages by source type and warning severity
- Display alerts in the dashboard and/or issue notifications by email
- Trigger actions in the event of an alert condition arising
- Consolidate other system warnings into a multi-source monitoring system
- Integrate SNMP statuses into event log monitoring
- Include graphical data representations in the dashboard.
The capabilities of a Syslog server can range from a simple message trap that writes to a file through to an event alerting and analysis tool.
Why Do I Need A Syslog Server?
Syslog servers are an essential tool for maintaining a clear view of an enterprise scale network. Rather than sifting through Syslog messages on individual devices you can use a Syslog server to pull data from hundreds of disparate devices and access all these messages in one place. Without a syslog server you’d have to check through each device individually.
The biggest advantage of a Syslog server is that it reduces manual network management time. You can simply check the Syslog server and read through the Syslog event messages generated by your entire network. This not only gives you a clearer view of what’s going on, but makes your network monitoring more efficient as well. Below we break down some of the best Syslog Servers for Windows and Linux.
Here’s a list of the best Syslog servers:
- SolarWinds Kiwi Syslog (FREE DOWNLOAD)
- Paessler PRTG Syslog (FREE TRIAL)
- SnmpSoft Syslog Watcher
- Splunk Light
- The Dude
- Visual Syslog Server
- ManageEngine EventLog Analyzer
- Icinga 2
- WhatsUp Gold Syslog Server
- Fastvue Syslog
- Nagios Log Server
Kiwi Syslog Server by SolarWinds has developed a reputation as one of the most popular network monitoring tools on the market today. Kiwi is used by administrators across the world to collect Syslog events and messages from network devices on Linux, Windows and Unix. The user interface is incredibly easy to use and you can create professional graphs to view your network traffic and generate accurate insights.
Kiwi is also a great choice if you’re looking for automation as well. You can have email updates sent to an email of your choice as well as alerts to warn you of common network problems like hardware failures and other faults. You can download the 14-day free trial here.
PRTG Network Monitor is a quality choice for enterprise-scale Syslog monitoring but does come with a bit of a learning curve. To begin using PRTG you need to install the Network monitor and then use the syslog server sensor to search for devices. The filtering options are very strong with PRTG Syslog. You can select what type of messages will be recorded and whether they will be categorized as errors or warnings.
PRTG is a very powerful tool with the capacity to handle a massive 10,000 messages per second. Though you’re unlikely to reach this figure unless your equipment is regularly optimized, it has more than enough strength to accommodate a large stable of devices. Overall the user interface is very easy to use. The icing on the cake is that you can download PRTG for free for the first 100 sensors. You can download the free 30-day trial here.
3. SnmpSoft Syslog Watcher
If you’re a Windows user looking for a Microsoft-based Syslog server, SnmpSoft’s Syslog Watcher should be at the top of your list. With a free version that allows you to monitor up to 5 Syslog devices and a paid version that lets you manage an unlimited number of devices, this is one of the best Syslog servers on the market. With Syslog Watcher you can monitor a whopping 5,000 Syslog messages per second.
Like SolarWinds, you can use email alerts to stay in the loop about the live changes occurring on your network. Extensive filtering options allow you to narrow down the log messages that you have access to. You can also search through the database of stored Syslogs via a search function. In addition, the user has the opportunity to develop reports that can be exported to an external database.
4. Splunk Light
If you’re looking for a Syslog server to sustain a smaller network infrastructure, Splunk Light is certainly one to consider. One of the most compelling elements of Splunk is that you can create your own dashboard from scratch, choosing between displays like the incidents meter and the area map. Likewise the extensive search function helps to cut right to the heart of the information you need. The customization doesn’t end there; you can also create user-defined alerts to let you know when a specific Syslog event happens.
As a bonus, Splunk is very scalable if you need to accomodate more devices down the road. You can designate up to five users to monitor your Syslogs. With Splunk you can get an annual license for $2,070 for 1 GB per day and the perpetual license for $6,210. If you want to keep your costs to a minimum, you can use Splunk Light for free up to 500MB of data per day.
5. The Dude
As one of the lesser-known Syslog servers on this list, The Dude still pulls its weight against the competition. This free Syslog server can be used on Linux, Mac, and Windows to provide a complete overview of your Syslog messages. It also supports SNMP, DNS, ICMP and TCP monitoring if needed as well. You can also draw your own network map, which is useful for increasing your transparency.
The user interface is very basic in its approach but it does the job. Choose from many different tabs tabs from Syslog to Outages. The Outages page is perhaps the most important as this is where you can see the status of your devices alongside their service type. As a free tool The Dude is definitely worth consideration if you’re looking for a basic Syslog monitoring solution.
6. Visual Syslog Server
If you’re looking for a Syslog server for Windows, Visual Syslog Server offers a compelling package. This free and open-source program has all the components to allow the user to log syslog messages. The user interface may look quite antiquated, but its stripped back simplicity makes it very easy to navigate through your recorded data. One of the most useful features of Visual Syslog server is that you can set thresholds of log messages that trigger predefined scripts.
Visual Syslog server has its own filtering options and allows the user to filter by facility, host, source address, tag, message contents, or priority. You can also highlight any data you need to keep track of. Overall Visual Syslog Server is very easy to install and use, and offers a solid suite of features for a free program. This is a great fit for smaller enterprises starting out with Syslog management.
3cDaemon was designed with windows in mind, and operates as an excellent free platform for SMEs. In terms of filtering, 3cDaemon has a FAR tab (Find and Replace) where you can search for files via their file name extension and IP address. The user can also view log information in real time.
As an added bonus, you can also transfer log information into ASCII. Unfortunately on newer versions of Windows the application may have performance issues, so it is best if you’re operating on an older Windows operating system.
8. ManageEngine EventLog Analyzer
ManageEngine’s EventLog Analyzer is a critically acclaimed Syslog server tool and SIEM solution. With a price of $3,495, this mid range network analytics tool offers you plenty of bang for your buck. It supports Windows and Linux make it ideal for users working within a cross-platform environment.
What sets ManageEngine’s tool apart is that you can generate on-demand reports to monitor your syslog event messages. This makes it much easier to identify and address faults. It can manage events on network devices across multiple platforms. You can analyze syslogs from Unix, Linux, Solaris, HP-UX, and IBM AIX.
If you’re looking for a quality Syslog server for Linux, Rsyslog is a great option for individual users and enterprises alike. Rsyslog is an open source program that provides a range of log management options. Rsyslog is most commonly used through CentOS or RHEL 7. If you’re running a CentOS 7 system you don’t even need to download Rsyslog.
The main draw of Ryslog is that it is a powerful and versatile program. It can take log information from almost any device while monitoring up to 1 million messages per second.
Unfortunately, Ryslog’s lack of support for Windows users makes it unsuitable for cross-platform environments. That being said, if you’re on Linux this program is well worth consideration.
Nxlog is a high performance Syslog management platform thats available for Windows and Linux. Nxlog can collect log files in a variety of formats whether through UDP, TCP, or TLS and SSL. It is powerful enough to collect over 100,000 events per second. The NXLog Community edition offers users additional support for CheckPoint LEA and SNMP events.
Another useful feature is the ability to collect and manage Windows logs remotely. The versatility of NXLog’s features make it a very competitive addition to our list. Luckily the community edition is free, but if you want to know the price for the enterprise edition you will have to contact NXLog directly.
11. Icinga 2
Icinga 2 has long been known as an alternative network monitoring tool to Nagios, but it is also a very competent free Syslog server as well. Icinga 2 can be installed on Linux and offers a comprehensive interface through which the user can monitor Syslog messages. This platform is extremely user-friendly and customizable.
The user limits the amount of Syslog messages recorded by selecting a specific severity level. All Syslog messages will still be collected but only those of a certain severity will be actively recorded. There are five severity levels to choose from: debug, information, warning, notice and critical. If you want a platform with automated alert parameters, you should definitely consider Icinga 2.
The catchily named TFTPD32/64 is an open-source Windows utility that also functions as a handy Syslog collection tool. It can receive Syslog messages and other event information from DHCP, DNS and SNTP servers. All your event messages will be stored in files where they can be viewed by the network administrator.
In terms of functionality, TFTPD doesn’t have that much more to offer. The basic user interface does its job but if you’re looking for more advanced reporting capabilities then you should probably look elsewhere. But if you’re looking for a free entry into Syslog server management tools, you could do a lot worse.
13. WhatsUp Gold Syslog Server
WhatsUp Gold is an established name in the world of Syslog servers for one reason: reliability. WhatsUp can collect event logs from any device capable of sending syslog messages. In fact, WhatsUp has the power to monitor up to 6 million messages per hour. However WhatsUp doesn’t just leave you to sift through this mountain of data alone, you can filter information by IP address, log type, date, time, and text content.
You can send alerts straight to an email address, file, or Windows event log. You can even include data from the logs in your alerts. WhatsUp Gold is designed to work with Windows and runs on Windows 7, 8.1, and 10. or WhatsUp Gold can be purchased for $2,656. You can download the free trial here.
14. Fastvue Syslog
Fastvue is available on Windows Server 2008 onwards and offers users a simple Syslog server monitoring solution. Fastvue works by taking incoming Syslog messages and recording them straight to a file. This is done by providing individual log files for every reporting device (straightforward but not ideal for analyzing log data).
In regards to additional features, you can generate reports on the size of your log files for more detailed information. Unfortunately this is the limit on what you can do in terms of analysis. This is a good solution for recording your Syslogs but if you’re looking for sophisticated analysis your better off exporting to a third party tool or choosing another provider altogether.
15. Nagios Log Server
In terms of Syslog monitoring solutions, Nagios has a pedigree all of its own. This free open source application allows users to gather events information from Windows and Linux devices alike. One of the advantages of Nagios for Windows and Linux is that it combines log messages into a centralized location. With the free version this can be done with up to 500MB of data every day.
What really sells Nagios as a Syslog server tool is its diverse visualization features. Not only can you customize the dashboard but you can also port your data into graphs, charts and histograms. If you’re looking for a solution that really helps you to analyze your Syslogs then Nagios should be your first choice. The standard license Nagios costs a respectable $1,995.
16. Syslog NG
Finally we have Syslog NG, an open source Syslog server application that is a popular alternative to Ryslog on Mac and Windows. The installation process for Syslog NG is incredibly simple, all you need to do is download it via yum. Syslog is very scalable and can support everyone from SME’s to large enterprise. It has a bandwidth of 650,000 messages per second.
Syslog NG was built for diverse IT environments using a variety of operating systems and as a result it is compatible with a range of different operating systems. It can also filter through these logs according to user-defined criteria. Relay mode allows an administrator to centralize the management of thousands of different devices. As an open source platform Syslog NG is free to download.
Syslog Servers: An Administrator’s Ace in the Hole
Monitoring Syslog servers is very time consuming if you don’t have the right tool to help you. A quality Syslog data monitoring application will drastically reduce the amount of manual time you need to spend overseeing your network infrastructure. A Syslog monitoring solution allows you to automate your log collection.
Choosing a tool like SolarWind’s Kiwi and Icinga 2 will allow you to tailor your user experience according to your needs. Whether that’s creating your own alert parameters or designing your dashboard, these features can further reduce the amount of time needed to oversee your Syslogs. The quicker you spot an emerging problem, the faster you can address it.
If you want to maintain an enterprise grade network infrastructure long term, then you should definitely consider employing a Syslog monitoring tool among your core software tools. You’ll not only be able to see what is happening on your network but also put yourself in a position to be proactive about securing your network uptime.