
Syslserve - free syslog server


Introduction

Syslserve is a simple syslog server for Windows. By default, Syslserve applies log rotation and compresses the log files daily. An entry consists of the time on the computer where Syslserve runs, the source IP and the incoming message (unmodified). The time column is often redundant because the incoming message also contains the time. But it happens too often that a router doesn't have the correct time settings or uses a different time server than the other routers in the network. The source IP is of course helpful for identifying the router the syslog messages come from.

Features


- Easy setup, run and go
- High performance
- Automatically compresses yesterday's log files every day
- Every device (IP) has a separate directory for its log files
- Automatically splits up log files when they get bigger than 10 MiB

Subscribe to the email list and you will receive a download link by email.


Commandline parameters


Option       Description
-o           also output to screen
-r           log syslog messages without formatting them as CSV
-fs [size]   log file cut size (how big the pieces should be), in kilobytes
-od [dir]    output directory
-p [port]    port number the server listens on (default: 514)
-?           show this help

Config.xml documentation


Each tag is listed with its parent tag and possible values where the documentation gives them.

- output_screen (parent tag: settings; possible values: True / False)
  If this value is set to True, Syslserve also outputs to the console screen. If False, it does not.
- raw (parent tag: settings; possible values: True / False)
  If this value is set to True, Syslserve stores the messages as they come in, without any additional information such as date/time.
- filesize (parent tag: settings; possible values: greater than 0)
  The maximum file size of a log file.
- output_dir (parent tag: settings)
  The output dir is the root directory of the location where the log files are stored. Further separation is defined in the maps.
- port (parent tag: settings; possible values: 0 - 65535)
  The port Syslserve listens on for incoming messages; by default this is 514.
- maps
  In maps it is possible to define groups and combine logs based on IP.
- group (parent tag: maps)
  Properties: name. The name property defines the name of the group. The name of the group is used to name the subfolder below the root folder defined in the setting output_dir.
- ip (parent tag: group)
  Contains the IP address of a device. The IPs defined within a group are the devices whose logs are stored in the same group file(s). Rotation settings are applied to all groups in the same way.
  Devices that aren't defined within any group are by default stored in their own folder, with the IP address as the folder name.

Syslserve Server settings:
<settings>
   <output_screen> False </output_screen>
   <raw> False </raw>
   <filesize> 1024 </filesize>
   <output_dir> c:\output </output_dir>
   <port> 514 </port>
</settings>      

<maps>
   <group name="serverpark">
      <ip>192.168.7.2</ip>
      <ip>192.168.7.3</ip>
   </group>

   <group name="routers">
      <ip>192.168.7.254</ip>
   </group>

   <group name="workstations">
      <ip>192.168.7.101</ip>
      <ip>192.168.7.100</ip>
   </group>
</maps>
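
An <ip> entry that is misspelled (for example, missing a dot) cannot equal a real source address, and devices not defined in any group are stored in a folder named after their IP, so it is worth checking the maps section before relying on the group folders. The check below is an added example, not part of Syslserve or its documentation: the sample fragment is constructed, and the function names, the IPv4-only validation and the folder-name check are assumptions of this example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample <maps> fragment in the page's format. One <ip> is
# malformed and one address is listed in two groups, both on purpose.
SAMPLE_MAPS = """
<maps>
   <group name="serverpark"><ip>192.168.7.2</ip><ip>192.168.7.3</ip></group>
   <group name="routers"><ip>192.168.7.254</ip><ip>192.168.7.3</ip></group>
   <group name="workstations"><ip>192.168.7.101</ip><ip>192.168.7100</ip></group>
</maps>
"""

def load_maps(xml_text):
    """Return ({ip: group name}, [problems]) for a <maps> fragment."""
    mapping, problems = {}, []
    for group in ET.fromstring(xml_text).iter("group"):
        name = (group.get("name") or "").strip()
        # The name becomes a subfolder of output_dir, so reject empty names
        # and anything that could point outside that directory.
        if not name or name in (".", "..") or any(c in name for c in "\\/:"):
            problems.append(f"unusable group name {name!r}")
            continue
        for node in group.iter("ip"):
            raw = (node.text or "").strip()
            try:
                ip = str(ipaddress.IPv4Address(raw))  # assumption: IPv4 only
            except ValueError:
                problems.append(f"{name}: invalid IPv4 address {raw!r}")
                continue
            if ip in mapping and mapping[ip] != name:
                # This example keeps the first group; the page does not say
                # how Syslserve itself treats an address listed twice.
                problems.append(f"{ip}: listed in {mapping[ip]!r} and {name!r}")
                continue
            mapping[ip] = name
    return mapping, problems

def folder_for(source_ip, mapping):
    """Subfolder for a source: its group, else the IP (the documented default)."""
    return mapping.get(source_ip, source_ip)

if __name__ == "__main__":
    mapping, problems = load_maps(SAMPLE_MAPS)
    for problem in problems:
        print("WARN", problem)
    for ip in ("192.168.7.2", "192.168.7.100", "10.0.0.9"):
        print(ip, "->", folder_for(ip, mapping))
```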