Syslog is the De Facto standard used in Networks for sending/receiving Log messages from IT systems, network devices, hosts etc.
The Syslog protocol runs over port UDP 514 and is based on the IETF RFC 5424 standard. Almost all network connected devices (routers, switches, firewalls, Unix systems, Windows systems etc) support the Syslog protocol for sending out log messages.
To collect these Syslog messages from all of the above systems you need to have a centralized Syslog Server installed in your network (as a log management solution).
This server software will be listening on UDP port 514 in order to collect the syslog messages from all the peripheral network devices.
The diagram below depicts a usual scenario of a network with a centralized Syslog server.
Usually, a Syslog server tool does not only collect logs but also analyzes these logs, creates reports, issues alarms for faults or security problems, correlates logs between different sources etc.
In this article I’ll list and describe some of the best and most popular Syslog server software, so let’s see what we have.
Note that the ranking below is in no particular order.
1) WhatsUp Syslog Server
Do you need a solid Syslog server with a good track record that’s free? If so, then WhatsUp Gold’s free server may just be the syslog software for you and your organization.
The interface is clear, heavily color coded, and you can even export all of the data at the click of a button.
For free software, that’s a pretty solid package already, but the fact that it can also process as many as six million logs per hour makes this a very good deal indeed.
What’s to like is the power of this software without much compromise at all. It’s not often that you see this level of power in a free piece of software.
2) Kiwi Syslog Server
Even though Kiwi has been around for a long time, its easy set-up and configuration makes it a popular choice for sysadmins and those in IT who need to centralize system messages for convenient troubleshooting.
There’s a free 14-day trial, and a paid version, though they do offer a limited free version that allows up to five devices (log sources) to send messages to the software. All of this is wrapped up in a nice looking interface.
The tool now is owned by Solarwinds, which is a powerhouse name in the Network monitoring arena.
3) PRTG Network Monitor
Paessler has produced a very useful syslog server here which is under the umbrella of the well known PRTG Network Monitor suite.
It can be installed on Windows machines only at this point, but it does have the advantage of being free to use for up to 100 sensors.
There is a paid version, but the free version does offer up to 100 sensors, which would certainly suit many small businesses.
These aforementioned sensors are the heart of the application. They can be set to monitor anything, including CPU usage over parts of the network, network traffic over specific use ports, and so on.
The interface is also a joy to use and provides easy-to-read graphical dials that give basic information at a glance.
4) Syslog Watcher
Sysadmins and Network Administrators need to be able to look through logs and notifications in one central location quickly and easily.
Syslog Watcher provides a very easy-to-read interface that displays logs and notification events in a centralized area.
There’s a free Personal license that allows up to five devices, but it can only be used in a noncommercial setting. If you want up to 10 devices supported, the Standard license costs $99. There’s a Pro license for $199 that supports unlimited devices.
5) Manage Engine EventLog Analyzer
Large organizations contain complex infrastructure and peripheral systems, including software, routers, firewalls, and switches.
Keeping track of the error logs from hundreds or even thousands of devices is impossible without centralized log management.
Eventlog Analyzer from Manage Engine is a paid commercial tool that allows IT administrators, networking professionals, security professionals etc to easily track error messages or security events in real time from the connected network devices.
One of the best features is enhanced threat detection, so any business can be aware of when an attack is under way in their network.
It would be hard to run through every feature of Eventlog Analyzer, but the inbuilt compliance reporting is surely one of the most convenient. This allows any organization to be compliant with local policies and procedures.
Pricing is based on a number of variables, and it’s best to seek a quote directly from the company.
6) Visual Syslog Server for Windows
Visual Syslog Server can be installed on Windows machines and is an open source and free software.
It’s a lightweight piece of software and barely uses any resources when running. The only big issue for me is that it stores received log messages in plain text files on disk but it has a nice feature of displaying received syslog messages in real-time.
What is rather nice is that the interface can be switched easily to a nice color-coded view, complete with 3D design elements.
It may be a small thing, but nice visuals are often what sets free software apart from paid-for software. Therefore, it’s very nice to see it in an open source application.
If you want free, fast, and unlimited device support, Fastvue is well worth your time and research. However, keep in mind that Fastvue is only a syslog-to-text-files solution.
This means that the tool will simply receive syslog messages and then store them in text files in an organized way.
The GUI interface is logically laid out and easy to read. However, it only shows statistics. There is no log reporting, log analysis or anything else. For such tasks you will need a different tool, called “WebSpy”.
As discussed above, all of the logs are kept in easy-to-parse text files. Furthermore, all of these log files are kept in an archive folder by the program so as to cut down space requirements. Every log file also has a file associated with it for validation and security purposes.
Syslog-ng does offer both an open source free log management option and also commercial licenses as well.
It’s also aimed mostly at large organizations and enterprise users, so it may not be for everyone.
However, it is a well-supported solution that supports many advanced features. You also get 24/7 tech support when you need it, making it a good candidate for large organizations who need a robust and secure syslog server solution.
You get archiving, great data visualization, compliance reporting, and more. It also supports both Windows and MacOS, and can be deployed to Android mobile systems.
Overall, from the attractive website to the robust software, Syslog-ng should be a good choice for organizations and enterprise grade clients.
9) The Dude
Don’t let the name put you off. The Dude (from the well-known networking manufacturer “MiktoTik”) is a great piece of software for the price of completely free.
The interface may not be as pretty as some, but the syslog functionality is easy enough to set up and implement.
The single interface also gives you the option to sort and filter all log events, making it easy enough to parse the data.
In terms of compatibility, The Dude will work on Linux, Windows, or MacOS, but you may need to use Wine.
Still, this makes The Dude a highly configurable and convincing package, especially for those on a tight budget or no budget at all.
Moreover, in addition to Syslog functionality, the “Dude” is also a network management software that can scan your devices and draw a layout of the whole network.
Selling itself as the ultimate tool for log collection and centralization for both Windows and Linux, NXLog has a lot to live up to. It comes in two editions: the free community version, and the paid for enterprise version.
The free version is definitely not lagging behind in terms of features. It can be used by both large and small organizations. It has great scalability and is also open source, with the only disadvantage of harder learning curve.
The enterprise edition definitely has some advantages, including extra features such as more robust security options, a lower memory footprint, and lower resource use.
In addition, there are also add-ons for NXLog that promote easy compatibility between platforms, such as Microsoft365 and Azure.
The aptly named Papertrail is a free syslog server that allows you to centralize all log events from different devices to the cloud.
Storing log files in the cloud like this makes it very easy to parse them with the included event viewer and manage them.
It also saves valuable space on local storage. Furthermore, it uses Amazon S3 bucket storage, so you can rest assured knowing that all log files are secure and easy to access.
All messages are displayed in real time as they occur in the event viewer. This single page console is simple looking and easy to read. It’s also possible to search through stored logs for up to 48 hours after they happen.
Graylog is available in two versions – enterprise and open source. The Enterprise version however is also free for up to 5 Gbytes of logs per day. After that volume, you will need to buy a license.
Graylog consists of 3 components: The actual Graylog service (which includes the GUI management component), a MongoDB database (for storing configuration data), and the ElastiSearch component which is the actual storage and searching component for the actual log data.
Graylog can receive all types of log messages, but for collecting Syslog you just need to configure a Syslog Input in the GUI console.
If you want more than what the free products offer, WinSyslog provides plenty of advanced functionality and features.
As the name suggests, it can be installed only on Windows machines (such as Win10, 2016, 2019 servers) but it can receive log messages from all Syslog generating machines.
In use, WinSyslog is a robust and reliable application. It also includes an embedded Web service in order to access the Syslog management remotely via Web interface.
It’s also very scalable and can be used in a low device environment, right up to enterprise level where there are thousands of devices to be supported. This lightweight design is going to be very attractive for those organizations who run smaller networks.
Thankfully, all of this power under the hood isn’t overly complex. It’s easy enough to understand and the interface presents all the data logically enough. For pricing, it’s best to check the official site.
- Top 10 PRTG Alternatives for Monitoring Networks and IT Infrastructure
- Comparison of GNS3 vs EVE-NG vs Packet Tracer for Networks Simulation
- Top 10 Network Administrators Software Tools (Free&Paid)
- A Complete Guide to Scaling your Network Monitoring Solution
- 10 Best Network Traffic Analyzer (NTA) Software Tools