Monitor syslog messages with Kiwi Syslog Server NG

Monitor devices with comprehensive, centralized syslog monitoring

Download Free Trial Email Link to Trial

Fully functional for 14 days

Learn More

Monitor Syslog Messages

Filter Syslog Messages

Easily Manage Syslogs

Receive Alerts Quickly

Optimize your environment with thorough syslog monitoring

Syslog monitoring can improve your organization’s maintenance and security and help you troubleshoot issues quickly.

Beyond simply collecting syslog messages in a centralized location, you’ll want a syslog monitoring software with syslog filtering, centralized syslog management, syslog alerting, and syslog reporting functionalities to get the most out of incoming logs. These capabilities can help you react to performance issues and security threats as fast as possible. If you use SolarWinds^® Kiwi Syslog^® Server NG to monitor your syslog messages, you can create automated responses to specific syslog messages.

Download Free Trial Email Link to Trial

Fully functional for 14 days

Learn More

Find critical logs with Kiwi Syslog Server’s syslog filtering functionality

Devices on your network generate hundreds of logs. Reviewing large amounts of log data in search of issues or signs of malicious behavior is like searching for a needle in a haystack.

Kiwi Syslog Server NG simplifies the process of reviewing syslog messages with its advanced filtering capabilities. With this server log monitoring tool, you can filter messages by input source, message text, host IP address or name, time of day, or priority level to quickly find the most interesting data, helping you catch threats and issues.

Download Free Trial Email Link to Trial

Fully functional for 14 days

Learn More

Save time with centralized syslog management

Network devices, such as your routers, firewalls, and switches, create hundreds of logs each minute. Monitoring and managing logs is an essential part of any security strategy, but with such a large amount of incoming logs every minute, reviewing and acting on log data by system is a nearly impossible task.

A centralized syslog management system can simplify and accelerate managing your network devices’ syslog messages and SNMP traps. With Kiwi Syslog Server NG, you can centrally monitor and react to syslog messages from UNIX, Linux, and Windows systems, saving you time and frustration and helping you locate and combat potential security threats. For example, Kiwi Syslog Server NG can automatically run scripts, send emails, or log messages to a file.

Download Free Trial Email Link to Trial

Fully functional for 14 days

Learn More

Stay on top of potential security threats and quickly troubleshoot issues with syslog alerting

Security threats are always looming, and knowing when and where they occur is the only way to stay ahead of them. Kiwi Syslog Server NG is a robust and highly customizable syslog alerting tool designed to help you stay on top of potential security threats.

Configuring a Kiwi Syslog Server NG rule to alert you in response to Syslog messages in which every filter was evaluated as true can help better prepare you to handle threats and other issues within your network. You can easily add actions to rules, so Kiwi Syslog Server NG will display a message, or send you or a colleague an email when a syslog message passes all of a rule's filters.

Download Free Trial Email Link to Trial

Fully functional for 14 days

Learn More

Syslog Message Collection and Monitoring

Do you find yourself asking…

What is a syslog message?
What parts does a syslog message have?
How is the syslog message priority (PRI) value calculated?
What are the severity levels of syslog messages?
How to improve syslog messages monitoring by using filters and defining rules
How can I configure devices to send messages to Kiwi Syslog Server NG to start syslog monitoring?
How does syslog monitoring work in Kiwi Syslog Server NG?

A syslog message is a message in standardized format using System Logging Protocol (syslog) that network devices use to communicate. Network devices—such as routers, switches, firewalls, and servers—use syslog messages to send information about their status or important events, so they’re extremely important for network troubleshooting.

The key for taking advantage of syslog messages for network monitoring and troubleshooting is to have a good syslog server. A syslog server can centralize syslog messages from your syslog-capable devices and allow you to access, search, or filter the messages (and usually a lot more). For this, the syslog-capable devices need to be configured to send the syslog messages to a syslog server.

Syslog messages are used mainly by network devices with Linux and Unix operating systems. By default, syslog messages are sent via UDP (User Datagram Protocol), which is a connectionless protocol, so there’s no guarantee the message arrived successfully. However, some devices can also use a connection-oriented protocol—TCP (Transmission Control Protocol)—which helps ensure the message delivery.

What are syslog messages used for?

Syslog messages are typically used by network and system administrators for early detection and troubleshooting of a possible issue for a network device. Syslog messages provide essential information about network device status and important events capable of having a negative impact on the standard operation of a network. Together with SNMP traps, syslog messages are a basic means of communication for network devices, such as routers, switches, firewalls, and servers. In a typical network, thousands of syslog messages and SNMP traps are generated every minute, which makes their usability for network monitoring without a centralized solution impossible. Both types of messages can be collected by a syslog server, which acts as a central place for all the logs network devices generate. A syslog server offers an easy way to access, search, and filter logs, and it’s a crucial part of log management.

You can monitor syslog messages more effectively in the Kiwi Syslog Server NG by defining rules and using filters. This robust syslog monitor offers the ability to define unlimited number of rules (consisting of unlimited number of filters and actions) so you can process and respond to syslog messages according to your criteria and needs. Kiwi Syslog Server NG offers keyboard shortcuts to simplify deleting, inserting, copying, pasting, moving, renaming, and auto-naming your rules, filters, actions, and schedules.

Rules tell Kiwi Syslog Server NG how to process incoming syslog messages, including which messages trigger which actions. If a rule applies to a log message, Kiwi Syslog Server NG will compare the message to each filter in the rule, starting with at the top. If any filter condition is false, Kiwi Syslog Server NG will stop processing the rule and apply the next rule to the message. However, if every condition in a filter is true, Kiwi Syslog Server NG will repeat the process with the following filter. If a message passes every filter in a rule, Kiwi Syslog Server NG will begin performing all your actions in order. Once it’s finished with all the filters and actions in your first rule, Kiwi Syslog Server NG will move on to the following rule, so applying rules in order is essential.

Adding rules to determine which actions occur after a message is received is easy. To start, select Setup from the main menu.. Then click Rules and Add Rule in the Kiwi Syslog Server NG dialogue box to add a new rule to the tree. Finally, name the rule, add rule filters and rule actions, and save your changes by clicking OK. After creating a rule, you can easily export it to share with another Kiwi Syslog Server NG.

You can set filters to control whether a message triggers a rule’s actions. SolarWinds Kiwi Syslog Server NG enables you to filter messages based on IP address, priority, time of day, hostname, input source, regular expressions, and message text. Once you’ve created your filters, Kiwi Syslog Server NG will automatically apply them in the order they’re listed, but if you forgo filters, every message will trigger an action.

You can configure Kiwi Syslog Server NG to perform a specific action when a message passes through all of a rule’s filters.

Common actions include:

Running a script or external program
Sending an email
Logging incoming messages to a file, Papertrail™, or Loggly^®
Sending a syslog message or an SNMP trap
Resting counters and flags
Displaying a message

Configuring your syslog-capable devices to start sending messages to Kiwi Syslog Server NG for syslog monitoring is easy. To start, ensure your device has its message logging capabilities enabled. Fortunately, most devices capable of generating syslog messages automatically enable logging, but it’s still a good idea to double-check. Then, set up your device to send syslog messages to a port (usually port 514) on the computer with Kiwi Syslog Server NG.

The RFC standard 5426 named port 514 as the default port for syslog messages. Kiwi Syslog Server NG will listen for User Datagram Protocol (UDP) messages on port 514 by default. However, if this doesn’t suit your needs, you can easily configure your Kiwi Syslog Server’s settings to listen for Transmission Control Protocol (TCP) messages, secure TCP messages, and Simple Network Management Protocol (SNMP) traps instead of UDP messages. You can configure Kiwi Syslog Server NG to listen for UDP, TCP, secure TCP, or SNMP messages on a different port.

To configure UDP input options, open the Kiwi Syslog Server NG Settings section under Setup in the main menu. Here, under the Inputs menu item,click UDP, and specify the port where you’d like to listen for UDP messages. Any port value between 1 and 65535 will work if the device transmitting the syslog message supports the new port number. It’s best for most people to leave the Bind to address field blank and allow your UDP socket to listen for messages on all interfaces. However, specifying the IP address in the Bind to address field will allow you to limit binding to a specific interface. You can establish which decoding method will be applied to any incoming data by selecting an encoding format from the drop-down menu or entering the code’s page number under the Data encoding section. After configuring your settings, save changes by clicking Apply.

Configuring TCP, secure TCP, and SNMP trap input options is just as simple. Instead of clicking UDP under the Inputs, select TCP or SNMP. You can then configure your settings. For example, the default port for TCP syslog messages is 1468, but you can choose a different port number. As with UDP messages, you can alter the Bind to address field and data encoding format. Then, specify your message delimiters, also known as separators, which signify which character or sequence of characters split a TCP stream into separate syslog messages.

A syslog message is a message in standardized format using System Logging Protocol (syslog) that network devices use to communicate. Network devices—such as routers, switches, firewalls, and servers—use syslog messages to send information about their status or important events, so they’re extremely important for network troubleshooting.
The key for taking advantage of syslog messages for network monitoring and troubleshooting is to have a good syslog server. A syslog server can centralize syslog messages from your syslog-capable devices and allow you to access, search, or filter the messages (and usually a lot more). For this, the syslog-capable devices need to be configured to send the syslog messages to a syslog server.
Syslog messages are used mainly by network devices with Linux and Unix operating systems. By default, syslog messages are sent via UDP (User Datagram Protocol), which is a connectionless protocol, so there’s no guarantee the message arrived successfully. However, some devices can also use a connection-oriented protocol—TCP (Transmission Control Protocol)—which helps ensure the message delivery.
What are syslog messages used for?
Syslog messages are typically used by network and system administrators for early detection and troubleshooting of a possible issue for a network device. Syslog messages provide essential information about network device status and important events capable of having a negative impact on the standard operation of a network. Together with SNMP traps, syslog messages are a basic means of communication for network devices, such as routers, switches, firewalls, and servers. In a typical network, thousands of syslog messages and SNMP traps are generated every minute, which makes their usability for network monitoring without a centralized solution impossible. Both types of messages can be collected by a syslog server, which acts as a central place for all the logs network devices generate. A syslog server offers an easy way to access, search, and filter logs, and it’s a crucial part of log management.
You can monitor syslog messages more effectively in the Kiwi Syslog Server NG by defining rules and using filters. This robust syslog monitor offers the ability to define unlimited number of rules (consisting of unlimited number of filters and actions) so you can process and respond to syslog messages according to your criteria and needs. Kiwi Syslog Server NG offers keyboard shortcuts to simplify deleting, inserting, copying, pasting, moving, renaming, and auto-naming your rules, filters, actions, and schedules.
Rules tell Kiwi Syslog Server NG how to process incoming syslog messages, including which messages trigger which actions. If a rule applies to a log message, Kiwi Syslog Server NG will compare the message to each filter in the rule, starting with at the top. If any filter condition is false, Kiwi Syslog Server NG will stop processing the rule and apply the next rule to the message. However, if every condition in a filter is true, Kiwi Syslog Server NG will repeat the process with the following filter. If a message passes every filter in a rule, Kiwi Syslog Server NG will begin performing all your actions in order. Once it’s finished with all the filters and actions in your first rule, Kiwi Syslog Server NG will move on to the following rule, so applying rules in order is essential.
Adding rules to determine which actions occur after a message is received is easy. To start, select Setup from the main menu.. Then click Rules and Add Rule in the Kiwi Syslog Server NG dialogue box to add a new rule to the tree. Finally, name the rule, add rule filters and rule actions, and save your changes by clicking OK. After creating a rule, you can easily export it to share with another Kiwi Syslog Server NG.
You can set filters to control whether a message triggers a rule’s actions. SolarWinds Kiwi Syslog Server NG enables you to filter messages based on IP address, priority, time of day, hostname, input source, regular expressions, and message text. Once you’ve created your filters, Kiwi Syslog Server NG will automatically apply them in the order they’re listed, but if you forgo filters, every message will trigger an action.
You can configure Kiwi Syslog Server NG to perform a specific action when a message passes through all of a rule’s filters.
Common actions include:
Running a script or external program
Sending an email
Logging incoming messages to a file, Papertrail™, or Loggly^®
Sending a syslog message or an SNMP trap
Resting counters and flags
Displaying a message
As a network or system engineer, you’ll want to use a syslog management tool to collect and monitor syslog messages from your network’s devices. Kiwi Syslog Server NG can collect syslog data from an unlimited number of devices, so you can easily monitor all your switches, firewalls, and routers.
In addition to monitoring syslog messages, Kiwi Syslog Server NG can collect Simple Network Management Protocol (SNMP) traps from Unix, Linux, and Windows systems, enabling you to view essential information across your IT infrastructure in a centralized location.
You can view your data in real-time with the user-friendly syslog web-based console from anywhere in the world with web access. Kiwi Syslog Server NG has 21 customizable views and syslog statistics graphs, so you can quickly understand and troubleshoot network or device performance issues. You can filter syslog messages by host IP address, priority, hostname, or time of day to locate crucial messages.
Beyond simply collecting and monitoring syslog messages, SNMP traps, and Windows event logs, Kiwi Syslog Server NG can respond to syslog messages thanks to its built-in actions.
Other Kiwi Syslog Server NG advantages include the ability to:
Archive syslog messages on disks, files, or ODBC-compliant databases
Forward messages to other SolarWinds IT management tools like Loggly, Papertrail, Security Event Manager (SEM), and Network Performance Monitor (NPM)
Keep your inbox clear thanks to Kiwi Syslog Server’s advanced message buffering capabilities
Store, archive, and cleanup logs to help demonstrate compliance with SOX, PCI-DSS, and HIPAA