Syslog Server Mac Free

Free syslog analyzer for collecting and reviewing syslog messages from one network appliance. This syslog collector is an ideal choice for monitoring a home-LAN device (e.g., an xDSL modem or switch) or for testing purposes.

Syslog refers to a universal standard for system messages. While syslog was originally implemented by Syslogd, a Unix utility, it’s now used by an array of IT equipment. This means almost every single piece of computing equipment you purchase will be able to send syslog messages.

Syslog messages can be directed to different log files, based on the message’s severity level. To make the most of this information, the data should be processed or, at the very least, read. This is where a syslog viewer, or log viewer, comes in handy. A syslog viewer collects syslog messages from your network and displays them in a searchable and reviewable list, enabling you to more effectively monitor your network.

This guide will rank the best syslog viewers and log viewers on the market, considering user-friendliness, versatility and sophistication of features, suitability for business use, and more. Overall, SolarWinds® Kiwi Syslog® Server ranks highest, delivering a range of advanced features through a user-friendly and dynamic interface. A 14-day free trial of Kiwi® Syslog Server is available.

Kiwi Syslog Server is built to help you centralize and simplify log message management across network devices and servers. This tool saves you the trouble of having to comb through hundreds of logs on a system-by-system basis—which can be an almost impossible task—by giving you the ability to manage syslog messages and SNMP traps from a single console. This solution is a Linux, Unix, and Windows log viewer, making it a versatile choice for most enterprises. Kiwi Syslog Server can collect syslog messages from a range of equipment types, including routers, computers, and firewalls.

With security threats lurking behind the scenes, the only way to ensure the safety and security of your servers and devices is to stay ahead of them. Kiwi Syslog Server delivers real-time alerts based on syslog messages, keeping you informed so you can act to safeguard against new and emerging threats.

Another great feature of this syslog viewer is the ability to rapidly respond to IT events with automated syslog message responses. You can trigger email alerts, run scripts, log to file or ODBC database, forward messages, and much more. These capabilities can amount to the difference between a problem getting out of control and halting it in its tracks.

This log viewer allows you to store and archive logs for regulatory compliance purposes. Log collection and retention are a crucial part of most compliance frameworks and failing to meet requirements could have a significant impact on your business. Fortunately, this syslog viewer lets you schedule automated log archival and cleanup, helping you comply with HIPAA, SOX, PCI DSS, and more.

This log viewer allows you to view syslog data from anywhere, provided you have secure web access. This feature is especially beneficial to IT professionals, whose work often follows them wherever they go. The ability to filter and monitor log messages without restriction is useful, as well. The intuitive syslog viewer web console offers multiple, customizable views, allowing you to choose how you want to view data.

Reviewing groups of log data for signs of malicious behavior can be an overwhelming task. Kiwi Syslog Server eliminates the labor associated with this activity by offering users access to advanced message filtering. With this utility, you can filter by host IP address, time of day, priority, or host name.

With many log viewers, log monitoring activities can lead to an inbox flooded with messages. Kiwi Syslog Server mitigates this risk with advanced message buffering, which, during heavy loads, introduces a buffer of up to 10 million syslog messages and 1,000 email addresses.

Kiwi Syslog Server also features an event log forwarding tool, which forwards Windows events to your syslog server. You can rapidly specify and automatically send events from servers and workstations. You can also export event data from Windows servers and workstations, and specifically note which events you’d like to forward based on keywords, source, and type ID. You can also forward events to external systems to store, alert, and audit activity. Events can be sent to multiple servers over TCP or UDP.

Overall, Kiwi Syslog Server tops this list of the best log viewers because it delivers an impressive range of enterprise-grade features. With customizable dashboards and multiple filtering options, this tool is a great choice for companies valuing flexibility. This tool is highly user-friendly, with no initial learning curve or training required. If you’d like to give Kiwi Syslog Server a try, a 14-day free trial is available for download.

Logstash is a free server-side data processing tool designed for gathering, processing, and forwarding events and system log messages. This is a Linux log file viewer designed to dynamically ingest, transform, and ship your data regardless of the format or complexity. You can derive structure from unstructured data, which is a highly sophisticated feature—particularly for a free tool. This tool also allows you to decipher geo coordinates from IP addresses and exclude or anonymize sensitive fields. Logstash can even ease overall processing, independent of the data source, format, or schema.

Logstash is a versatile log viewer supporting various inputs, pulling events from a multitude of common sources, simultaneously. It can easily ingest from your metrics, logs, web applications, various AWS servers, and datastores. You can download Logstash here.

ManageEngine EventLog Analyzer is a comprehensive log viewer and log file management solution designed to automate log management processes, user access and activity auditing, application auditing, file and folder monitoring, compliance monitoring, and more. With this tool, you can collect, manage, analyze, correlate, and search through log data from more than 700 sources with agentless log collection, agent-based log collection, and log import. EventLog Analyzer features a custom log parser to extract fields from any human-readable log format. This solution offers vulnerability scanning, threat intelligence solutions, data loss prevention applications, and much more, giving you access to a single console through which you can view and manage log data.

EventLog Analyzer audits log data from perimeter devices. This includes switches, IDS/IPS, firewalls, and routers. This log viewer and management solution provides valuable insight into firewall security policy and rule changes, user logons and logoffs, malicious inbound and outbound traffic, and more.

With intuitive and predefined reports, EventLog Analyzer makes reporting quick and simple. The tool could be improved upon, however, if the user interface were made easier to navigate. You can access a live demo of this tool here.

LOGalyze is an open source, centralized log management and network monitoring tool designed to serve as both a Windows log viewer and a Unix/Linux server log viewer. This tool focuses on log management while giving users access to a surprising range of network observation capabilities. With support for Linux/Unix servers, network devices, and Windows hosts, this is a versatile solution.

LOGalyze uses an intensive and extensive search function to detect your real-time events. This log viewer is also able to define your events, comparing them to existing log information and alerting you when anything unusual occurs. With the ticketing system, you can close events quickly and efficiently. Unfortunately, as a free, open source tool, LOGalyze isn’t especially well-suited to business use.

Paessler PRTG Network Monitor is a comprehensive, sensor-based network monitoring system allowing you to customize your IT solution by choosing sensors to suit your individual requirements. A sensor is a monitored condition or status giving you insight into a specific element of your network, server, or system. PRTG’s Syslog sensor is called the Syslog Receiver. This sensor gathers syslog data traveling across your network and writes it to a database. Once the messages have reached the database, the records are managed according to the settings and conditions you define for the system.

You can have messages written to log files and use the dynamic PRTG dashboard to query them. These logs can even trigger actions under certain conditions, automating certain behaviors according to your preferences.

PRTG is a powerful and easy-to-use solution suitable for businesses of all sizes. It is, however, more cost-efficient for larger organizations that can afford the unlimited version of PRTG. If you’re a small company with minimal requirements, you can use up to 100 sensors for free, but most companies will exceed this limit quickly. A 30-day free trial of the unlimited version of PRTG is available.

Getting Started With Syslog Viewers and Log Viewers

If you’re looking for a syslog viewer or log viewer suitable for business use and offering a range of advanced features, then SolarWinds Kiwi Syslog Server is a reliable option. This tool is user-friendly, cost-effective, and scalable. With plenty of useful features, including the ability to respond to IT events with automated syslog message responses, this tool helps you address issues quickly and proactively.

If you’re still not entirely certain which log viewer to choose, we encourage you to take advantage of the free trials and live demos mentioned in this guide.

A syslog server can be configured to store messages for reporting purposes from MX Security Appliances, MR Access Points, and MS switches. This document will provide examples of syslog messages and how to configure a syslog server to store the messages.

Types of Syslog Messages

The MX Security Appliance supports sending four categories of messages/roles: Event Log, IDS Alerts, URLs, and Flows. MR access points can send the same roles with the exception of IDS alerts. MS switches currently only support Event Log messages.

URL

Any HTTP GET request will generate a syslog entry.

Example:

Apr 20 14:36:35 192.168.10.1 1 948077314.907556162 MX60 urls src=192.168.10.3:62526 dst=54.241.7.X.X mac=00:1A:A0:XX:XX:XX request: GET http://www.meraki.com

Summary:

A client with IP address 192.168.10.3 sent an HTTP GET request for http://www.meraki.com.

Flows

Inbound and outbound flows will generate a syslog message showing the source and destination along with port numbers and the firewall rule that they matched. For inbound rules, 1=deny and 0=allow.

Examples:

Inbound Flow:

192.168.10.1 1 948077334.886213117 MX60 flows src=39.41.X.X dst=114.18.X.X protocol=udp sport=13943 dport=16329 pattern: 1 all

Outbound Flow:

192.168.10.1 1 948136486.721741837 MX60 flows src=192.168.10.254 dst=8.8.8.8 mac=00:18:0A:XX:XX:XX protocol=udp sport=9562 dport=53 pattern: allow all

Summary:

The inbound flow example shows a blocked UDP flow from 39.41.X.X to the WAN IP of the MX. The outbound flow shows an allowed outbound flow for a DNS request.

Appliance/Switch/Wireless Event Log

A copy of the messages found in the dashboard under Network-wide > Monitor > Event log.

Example:

May 10 18:46:04 192.168.10.1 1 948080570.911780502 MX60 events dhcp lease of ip 192.168.10.252 from server mac 00:18:0A:XX.XX.XX for client mac 58:67:1A:XX.XX.XX from router 192.168.10.1 on subnet 255.255.255.0 with dns 8.8.8.8, 8.8.4.4

Summary:

A client with MAC address 00:18:0A:XX.XX.XX leased an IP address from the MX and the MX provided 8.8.8.8 and 8.8.4.4 as DNS servers to the client.

Security Events

Any security events will generate a syslog message (MX security appliance only role).

Example:

1490031971.951780201 ANB_MX80 security_event ids_alerted signature=1:39867:3 priority=3 timestamp=1490031971.693691 shost=00:15:5D:1E:08:04 direction=egress protocol=udp/ip src=192.168.30.10:49243 dst=71.10.216.1:53 message: INDICATOR-COMPROMISE Suspicious .tk dns query

Summary:

An IDS syslog message was generated when a .tk DNS query was sent from 192.168.30.10 to 71.10.216.1.

Air Marshal Events

Air Marshal events will generate a syslog message describing the wireless traffic detected.

Example:

Oct 20 17:21:33 192.195.83.210 0.0 syslog2 airmarshal_events type= rogue_ssid_detected ssid=' vap='0' bssid='FF:FF:FF:FF:FF:FF' src='02:18:6A:XX:XX:XX dst='FF:FF:FF:FF:FF:FF' wired_mac='00:18:0A:XX:XX:XX' vlan_id='0' channel='44' rssi='60' fc_type='0' fc_subtype='4'

Summary:

A beacon was sent by a device that exists on the LAN, generating a rogue SSID event that resulted in a syslog message.
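The URL, flow and security-event layouts shown above can be parsed with one small routine and triaged for denied flows and IDS alerts. This is an added example, not Meraki's code; the names `parse` and `triage` are hypothetical, and it assumes the record layout seen in the example messages (epoch timestamp, device name, role, then `key=value` fields and an optional `label: text` tail).

```python
import re
from datetime import datetime, timezone

# Sample input: the page's example messages plus one constructed non-Meraki line.
SAMPLES = [
    "Apr 20 14:36:35 192.168.10.1 1 948077314.907556162 MX60 urls src=192.168.10.3:62526 dst=54.241.7.X.X mac=00:1A:A0:XX:XX:XX request: GET http://www.meraki.com",
    "192.168.10.1 1 948077334.886213117 MX60 flows src=39.41.X.X dst=114.18.X.X protocol=udp sport=13943 dport=16329 pattern: 1 all",
    "192.168.10.1 1 948136486.721741837 MX60 flows src=192.168.10.254 dst=8.8.8.8 mac=00:18:0A:XX:XX:XX protocol=udp sport=9562 dport=53 pattern: allow all",
    "1490031971.951780201 ANB_MX80 security_event ids_alerted signature=1:39867:3 priority=3 timestamp=1490031971.693691 shost=00:15:5D:1E:08:04 direction=egress protocol=udp/ip src=192.168.30.10:49243 dst=71.10.216.1:53 message: INDICATOR-COMPROMISE Suspicious .tk dns query",
    "May 10 18:46:04 myhost sshd[311]: unrelated line",
]

# <epoch.fraction> <device name> <role> <body>; any syslog header before it is ignored.
RECORD = re.compile(r"\b(\d{9,}\.\d+) (\S+) (urls|flows|events|security_event) (.*)$")
TAIL = re.compile(r"(?:^| )(\w+): (.*)$")  # trailing "label: free text"
PAIR = re.compile(r"(\w+)=(\S+)")          # key=value fields


def parse(line):
    """Return a dict for a Meraki-style record, or None if the line does not match."""
    m = RECORD.search(line.strip())
    if not m:
        return None
    epoch, device, role, body = m.groups()
    rec = {"time": datetime.fromtimestamp(float(epoch), tz=timezone.utc),
           "device": device, "role": role, "fields": {}, "tail": None}
    t = TAIL.search(body)
    if t:  # split off "request: ...", "pattern: ..." or "message: ..."
        rec["tail"] = (t.group(1), t.group(2))
        body = body[:t.start()]
    rec["fields"] = dict(PAIR.findall(body))
    return rec


def triage(lines):
    """Pick out denied flows and IDS alerts for review."""
    hits = []
    for rec in filter(None, map(parse, lines)):
        f, tail = rec["fields"], rec["tail"]
        if rec["role"] == "flows" and tail and tail[1].split()[0] == "1":  # 1=deny
            hits.append(("denied_flow", f.get("src"), f.get("dst"), f.get("dport")))
        elif rec["role"] == "security_event":
            hits.append(("ids_alert", f.get("src"), f.get("dst"), tail[1] if tail else ""))
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLES):
        print(hit)
```
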

Log Samples and More Information

For more information on Syslog Event Types and a list of log samples for each product, please refer to this article.

Configuring a Syslog Server

A syslog server can easily be configured on a Linux system in a short period of time, and there are many other syslog servers available for other OSes (Kiwi Syslog for Windows, for example).

The following commands detail an example syslog server configuration on Ubuntu 13.04 using syslog-ng, to gather syslog information from an MX security appliance.

Note: The following commands outline an example configuration for demonstration purposes. Please refer to your server documentation for specific instructions and information.

The first step is to install the syslog application:

Once syslog-ng has been installed it needs to be configured to receive log messages from the MX. These instructions will configure syslog-ng to store each of the role categories in their own log file. There will be an individual log file for URLs, Event Logs, etc. Alternatively, it could be configured to store all logs in one file. Use any appropriate editor to make changes to the syslog-ng configuration file. In this example nano is used to edit the file.

The LAN IP of the MX in this example will be 192.168.10.1. The syslog server is listening on 192.168.10.241 UDP port 514. Update as needed to reflect the LAN IP of the MX and the syslog server being configured. The first section of code will configure all syslog messages from the MX to be stored in /var/log/meraki.log. The second section of code will use regular expressions to match each of the role categories and store them in individual log files. Only one of the options needs to be configured.

Option 1 - Log all messages to /var/log/meraki.log:

Option 2 - Log different message types to individual log files:

The final step will restart the syslog-ng process:

Configure Dashboard

Syslog servers can be defined in the Dashboard from Network-wide > Configure > General.

Click the Add a syslog server link to define a new server. An IP address, UDP port number, and the roles to send to the server need to be defined. Multiple syslog servers can be configured.

If the Flows role is enabled on an MX security appliance, logging for individual firewall rules can be enabled/disabled on the Security appliance > Configure > Firewall page, under the Logging column.

Additional Considerations for Syslog

Storage Allocation

Syslog messages can take up a large amount of disk space, especially when collecting flows. When deciding on a host to run the syslog server, make sure to have enough storage space on the host to hold the logs. Consult the syslog-ng man page for further information on only keeping logs for a certain amount of time.

Expected Traffic Flow

Syslog traffic may reach the syslog server in one of three scenarios, depending on the route type used to reach the server. The scenarios below describe the expected traffic behavior in each case.

Scenario 1 - Reachable via LAN

The MX will source traffic from the VLAN interface that the server resides in if the syslog server is located on the LAN of the MX. The transit VLAN interface would be used if the device is only accessible via static route.

Scenario 2 - Reachable via Public Interface

The MX will source traffic from the public interface (WAN) if the syslog server is accessible via the WAN link.

Scenario 3 - Reachable via AutoVPN

In the event that the MX is sending syslog traffic across a VPN tunnel, the MX will use its source IP associated with the highest-numbered VLAN participating in the VPN. It is important to note this behavior for firewall design.

If the traffic passes through the site-to-site AutoVPN connection, the traffic will then be subject to the 'Site-to-site outbound firewall' rules, and as such an allow rule may be required. This can be configured in Security appliance > Configure > Site-to-site VPN > Organization-wide settings > Add a rule.