When it comes to computers in general the standard that is followed for system logs is known as syslog.
Syslog allows for compartmentalized messaging for various software applications and services that are stored for later processing.
It started as a Unix only system log but other operating systems started to adopt the standard.
This is all very useful because it lets you analyses the stored information at a later time.
You will find a lot of important details about issues that you might not be aware of which is a great feature to have at your disposal when you are trying to troubleshoot issues and errors.
Other important issues such as security audits and suspicious behavior can also be picked through syslog reviews as well.
There are many reasons why you would might need to keep tabs on syslog items, and the products that we have rounded up are sure to give you at least some of the functionality that you are after.
You need to weigh up what your requirements are for your specific needs.
The best part is that there are even more options than the ones we are going to show you today, but this will point you in the right direction.
We’ve gotten a list of applications together that help you to find out more about your system and systems on the network.
The applications have been segmented into 3 different categories:
- Free Logging Software
- Premium Logging Software
- Linux, Mac and Open Source
Best Free Syslog Servers Software of 2020:
Here are some of the free versions of commercial products.
They might not have the fully featured functions that enterprise software offers, but when it comes to free products you can’t really complain too much.
Let’s take a look at them and see what features you can expect when you download one or two of them.
Kiwi Syslog Server is made by SolarWinds, so you know its high quality.
- Centralized management of the syslog messaging system as well as SNMP Traps
- It allows for Logging to disk and it splits logs by date as well as priority or even get a daily summary via email
- You will be able to view up to 10 windows with filtered information in real time as well as high traffic alerts
- You will receive real time statistics and information on a daily basis via the application’s console
The free version allows you to view security threats by combing through syslog messages and SNMP traps from devices and computers on your network.
This means that you can obtain information about devices that run different operating systems such as Linux, Windows and Mac OS.
You can also obtain email alerts via specified triggers that you can set.
Other actions include running scripts or even logging the event to your own database via an ODBC, allowing you to also forward these messages on to other applications if necessary.
This guide shows you how to get started if you need to start controlling your environment through this application.
The free version lacks some of these features though, but it can do a few useful things still.
It can read data from routers, firewalls, computers and other network appliances, it can collect the syslogs and data and message statistics.
The limitations of the free version are apparent, but if you have a smaller environment, or if you are in a pinch, then this could help you to get up and running without the initial cost of purchasing a license.
This is one of the better syslog tools that you can get for free, and is definitely worth taking a look if you want to start managing your system’s logs, and the logs of networked and connected remote systems.
You can download the free version from this link over here.
If you find that the free version doesn’t quite meet your requirements then you can download a free trial of the full tool, which can be found right here.
SnmpSoft Syslog Watcher is an application that handles many of the syslog functionality that you would expect from a critical system such as this.
It collects logs and sends out notifications for network devices and computers.
By implementing this system you will be able to store logs and access them from a single point, making log retrievals much more streamlined and efficient.
Searching through all of the stored information is easy as well thanks to the easy to use GUI.
When starting it up for the first time you will need to select the Operating Mode for Syslog Watcher.
- Use Local Syslog Server
- Connect Remote server
- Standalone Application
The free version has some limitations, as you would expect, but it gives you a good idea of how the application works.
The personal license grants you free access for non-commercial use and gives you permission to handle up to 5 syslog sources that generate logs.
There is a maintenance mode that lasts for 12 months, which means that you can receive free updates during that time for free.
After that period, you will need to pay extra to update the application further.
- Log Collection: This is an obvious item to have included, and it can handle more than 4,000 syslog messages a second over IPv4 and IPv6 networks. It runs as a service which means that user logons are not required when running this application.
- Email Notifications: These are sent when a user-defined event is triggered. These can be configured in a few different ways, making this a highly configurable system.
- Filtering: You can easily find the specific alerts that you are after when using the filtering options to narrow or widen your search. There are also logic gates that aid in your searches.
- Compatibility: You can install this application on Windows, Unix and Linux.
If you would like to download this application and try it for yourself then you can download it from here.
Splunk Light is aimed at a smaller segment of the market where enterprise scaling and massive networks are not used.
Instead, Splunk Light takes its experience in larger environments and puts it to good use with automated log searches and analysis.
Splunk Light comes with a free license that gives you the ability to index around 5 gigabytes a day when using it.
This is a lot of data for smaller environments and is a good way for you to gauge the system before you take the plunge and purchase the license for yourself.
After the free version of the software expires then you can convert it to a perpetual free license thanks to the way that Splunk offers its products.
This is not compatible with the full version of Splunk, so it must be installed on a separate computer if you wish to test it out as it won’t run it in parallel with your full version.
It is normally advised to run these types of applications on a separate network if you already have an installed production version running.
- Integration: This is a single product that gives you the ability to collect real-time logs while indexing and searching the data. It has built in alerts and reports that take out all of the work from monitoring your system logs.
- Purposed Design: This product has been made for small businesses, and it has been designed with this in mind.
- Quick Start: Getting started is quick and easy thanks to the way that data is rapidly onboarded and then navigated through thanks to the intuitive user interface.
- Upgradeability: There are upgrade paths that will make a lot of sense as your log keeping requirements grow.
Splunk Light is available on Windows, Linux and even Mac OS, making it a highly compatible and easy to install application.
While it may lack some of the enterprise features that most complex environments require, it is certainly an excellent starting point.
If you would like to try it out for yourself and see how well Splunk Light works for your requirements then be sure to try downloading the Microsoft Windows version from here.
Next, we have another free offering, this time from the company Paessler. PRTG Free syslog Server offers many interesting features that system administrators could find quite useful.
This free version is for Windows, and it allows you to capture syslog messages for later analysis and investigation.
These will then alert the administrator when a message or incident should occur.
PRTG can operate as a generalized network monitoring tool that also captures syslog messages.
This is done by creating a centralized Syslog Receiver Sensor within the PRTG application.
From this sensor all of the syslog data can then be captured and then analysed. All of the contents of these messages are then sent to PRTG so that they can be actioned further.
If any errors are detected, then a notification or set action will then come into effect. This makes it much easier to be aware of the actions on your network without you needing to do anything directly.
A different implementation is also possible.
This is done by adding each of the sender devices and then by installing the Syslog Receiver Sensor in each of those devices.
By doing it this way you’ll use far fewer system resources such as CPU and memory.
It does require more sensors to be installed in some cases, but your requirements will be specific to your own environment.
The free version of PRTG offers 100 free sensors, so that will be the limit of devices that you can monitor, which is quite a lot.
A sensor in PRTG is the name of the basic monitoring component of the application.
An individual monitor can perform some different features such as traffic on an individual switch’s port, CPU operations in a computer, or even the available space of a hard drive within a server.
PRTG receives a syslog message which then displays the specific details about the error or message that has been detected.
It also records where the message came from, giving you context about the source of the syslog message.
All messages are rated on a scale between 0 and 7, which PRTG then processes with a facility code.
If you want to try out PRTG Free syslog Server then you can find a link to the free download right here.
Premium Logging Software
You should have a pretty good idea about the limitations of some of the free options that we shared above, and if they would be suitable for your needs within your organization. Sometimes the lack of features will make these solutions unsuitable for your requirements, so you will need to look at investing some capital into an enterprise solution. Here we have picked 3 of the most popular products used by IT professionals for syslog functions, so lets take a look at what they can do.
SolarWinds Log Analyzer is an enterprise solution that helps your IT team get to the root cause of issues by investigating system logs.
This ultimately helps to reduce down-time and speeds up the diagnostic process, which helps to speed up the fix times within an organization.
The main reason to use SolarWinds Log Analyzer is the way that it helps you to gain insight into the current performance of your IT systems.
All of your devices are constantly generating log files and information, and Log Analyzer is able to delve into all of this information and deliver root cause analysis with all of the other tools in the Log Analyzer suite.
It is able to collect and consolidate as well as analyse all of the data that streams into it.
Not only syslogs, but also traps, Windows and VMWare events. Even though this is an enterprise product, the licensing is pretty straight forward and easy to manage.
It is based on the number of devices that are generating data, and not on the volume of the data.
This means that if you have a data rich environment that comes from only a few sources then you will find the solution to be quite cost effective.
Configuring the app is very simple too, giving you the option to set it up with Syslog and SNMP Traps, Windows and VMWare Events.
If you want to collect Syslog and SNMP Traps then all you need to do is setup your SolarWinds Orion server as the logging destination on the device that you want to monitor.
Once you have configured these devices to send data then you can begin the process of searching and filtering data with the syslog features of SolarWinds Log Analyzer.
You can use a free trial of this application before you commit to licensing it so that you can see how it works, and if it would be appropriate for your environment.
If you would like to try out a free trial then follow this link. It is fully functional for 30 days so you can really get a feel for how it works.
Pricing starts at $1,495, or alternatively you can request a quote from here.
Nagios gives you a complete monitoring system that also acts as a syslog monitor as well.
It is able to monitor Unix system logs as well as the logs of applications, dedicated log files as well as syslog data.
Where it is particularly useful is in the alerting sphere as it can notify you of any particular errors that you set it to monitor and alert you for.
The system is able to do this because of the way that it reads patterns in the vast amounts of information at its disposal.
The main positives that you will get from using such an application are obvious, enhanced data logging and syslog functionality along with a whole host of another benefits.
- An Increased Security Capability: The more your logs are stored and monitored, the more awareness you will have when it comes to monitoring security incidents within your organization.
- Better Visibility: Your internal network is vitally important to the running of your organization, so monitoring your infrastructure needs to be one of the main priorities that your company keeps an eye on. Syslogs from internal switches, routers and servers help to keep you and your teams in the loop.
- Better Up Time Stats: Your manager loves stats, so what better way to stay in his or her good books than by keeping your systems up and running at never before seen percentages? By looking at servers, services and application availability via syslog monitoring you can accomplish this and much more.
- Faster Response Times: When devices do fail, then you can receive notifications as it happens.
Nagios is one of the best software companies as far as enterprise monitoring solutions go, and their syslog monitoring is no different.
The Log Server offerings are available as free trials so you can try before you buy, giving you ample opportunity to test out the products before you make any investments.
To check out this product you can download a trial version from this link right here.
For pricing options you can contact their sales team here.
Winsyslog is an advanced offering that brings you syslog functionality in a Windows environment.
It is a modern and well maintained product, and is compatible with Windows 10 and Server 2016, among other operating systems.
It installs a browsable user interface that is accessed via its included web application that is installed during the initial setup process.
It offers compliance with RFC 3164 as well as 3195 and 5424, making it a viable choice where these standards are required.
The operation traces its existence back to 1996, giving them over 20 years in the industry.
- High Performance Logging: The system runs on relatively few resources, giving it a speedy and responsive feel.
- Highly Reliable: The system has been designed with criticality in mind, giving it a robust and reliable operational stance within your organization.
- User Friendly: Where a lot of highly technical applications often fall short is in the human accessibility space. WinSyslog is not one of them, however as it is very easy for users to grasp, thanks in part to its browser based operation.
- Affordability: Each organization is different, and the budget of each one will be different, but as far as enterprise grade logging solutions go, WinSyslog is very affordable.
- Scalability: WinSyslog is highly scalable, allowing it to run in a tiny SME with few devices, right up to multi-site organizations with thousands of devices.
As with most scalable products there are several tiers available for users to decide on.
Each of the different levels have certain restrictions, excepting for the Enterprise version which has all features unlocked.
The different levels are: Free, Basic, Professional and Enterprise. For more information about what each one does you can find out all the information that you need right over here.
For a full look at the products and pricing on offer by WinSyslog, be sure to check out this link.
Linux, Mac and Open Source
Sometimes an organization might need to have access to the source code of a product for security or development reasons.
The technical teams might need to add certain features or disable unneeded ones, so having this kind of access is sometimes a requirement.
Mac and Linux users have traditionally had fewer options available for software solutions in general, but this has changed drastically in recent years.
The syslog monitoring space is now another area where Linux and Mac can boast better options, so we will take a look at some of these below.
Graylog comes in two different flavors: Open Source and Enterprise.
Graylog has been designed with interoperability in mind, so it has been built largely to open standards.
This allows it to collect, refine, store and analyze your organization’s data.
Graylog allows you to gain a better understanding of your environment because it has a relaxed approach to the way you initiate searches.
You can start an analysis without first needing to specify the scope of what your search will entail.
This helps you to dive in deeper to your information, giving you a renewed sense of freedom in the way that you approach data discovery.
Graylog give you the flexibility to parse a few gigabytes of data per week, or several terabytes a day depending on the volume of data that your operations generate.
If you have critical requirements that your logging needs to run through, then you can also rely on the baked in fault tolerance that Graylog offers.
If you think that opensource projects are lacking in anyway, especially with regard to syslogging, then you will be pleasantly surprised by Graylog.
It is not only fully featured and free, but it also has great speed capabilities when processing all of the data that you need to go through.
This is possible mainly because of the efficient layout of the application as it can search, perform aggregations, analysis and visualizations with reporting tools all from a single interface and screen.
And while we are talking about user friendly interfaces and features we should mention the dashboards that are available.
The default ones allow you to drill down into key data relating to all your syslog requirements, and for everything else there are easy to create custom dashboards that you can get up and running on your own.
Other features include fault tolerance capabilities that prevent data loss in the event of a power outage or network failure.
This helps to prevent data loss, in addition to the load balancing features that are available.
This particular version is free and open source, although there are enterprise versions available too.
Logstash is able to ingest a lot of data, which serves as a basis for the Elastic Search and Kibana.
The ELK Stack (Elastic, Logstash and Kibana) are a highly advanced collection of applications that allow businesses to delve deeply into the analytics of the information that they are gathering. Logstash is able to transform this data regardless of the format or content.
Because of this, Logstash is suitable for almost any logging requirements that you might have.
Logstash can run on Linux too, making it highly responsive and stable.
It can be run as a service on Debian or it can be installed via RPM.
Of course Logstash isn’t limited to these options, and it can be installed on Docker or Windows too, but the Linux option is key for many people that need to introduce it into their environments without needing to rely on Microsoft for the installation platform.
If you would like to try it out for yourself then you can download it from here.
Free and Open Source
We’ve taken in quite a few different products in our roundup, and each of them is suitable for syslog in its own way.
How you decide on what to do with your logging requirements is again highly subjective, so hopefully you have seen something here that fits your technical capabilities, your logging requirements and your budget.
We found that Kiwi Syslog was about the best for general use in terms of performance and capabilities, while managing to offer both a free version as well as a paid for edition.
Both of these applications work well, with some limitations on the free version.
The product is supported and offered as a product from SolarWinds.
SolarWinds is a solid company that updates their software regularly.
They are able to maintain and keep their products competitive and relevant, so in our books we really like the Kiwi Syslog Server application as it simplifies and centralizes the syslog functions that most companies need to get by with.
We hope that you have found this review article helpful, and that it has helped you to understand what some of the main features are that ship with today’s syslog solutions.
As we have seen there are many different kinds of approaches that can be taken when looking at syslog solutions.
There is bound to be something for everyone in our list and we hope you get the right solution for you and your business.