Syslog and by extension syslog servers are, to put it quite simply, nothing but programs and protocols which aggregate and transfer diagnostic and monitoring data. Their power comes from the wide range of data that can be collected and, furthermore, the ways in which this data can be analyzed and levied for the sake of network maintenance, system monitoring, and dozens of other diagnostic and troubleshooting purposes!
Generally the Syslog protocol is supported by a wide variety of devices and thus it's easy for devices and applications to fire off log information to the Syslog server, which stores the information for further analysis. Most notably, Syslog servers are often capable of triggering alerts or sending notifications which enables an admin in the field to receive time-critical information, or to simply gets a heads up of something that may need attention soon – thanks to a built-in severity metric, it's easier to know when something can wait and when it can't.
SNMP ties heavily into Syslog server functionality and can be used in tandem to poll all the wonderfully wide variety of information that admins are used to snatching up via SNMP but, when taken a step further via Syslogging server software, they can take that SNMP data and do a lot more with it – graphical interfaces which aggregate SNMP data, for example, can massively speed up the assessment of almost any number of critical systems or failure points.
Using these same metrics many Syslog servers can also have automated scripts or events that will trigger and can potentially streamline the process of recovering from, or preventing, downtime or outages. Some Syslog servers require client-based software to manage but many also offer web-based solutions, which can ease management both remotely or from different systems on a network environment. Most servers are also quite good at data management and will handle some level of archival functionality for saving older logs or records that may not actively be needed at present.
Syslog does have a few drawbacks – it's not particularly standardized, meaning that sloppy implementation can cause troubles for Syslog servers, and it also lacks any kind of authentication. In a trusted network environment this isn't really an issue, but especially nefarious malware or untrusted networks can sow seeds of trouble.
Best FREE Syslog Server Software & Tools:
Below is a list of software that performs these functions and more, as well as the compatible operating systems and, quite importantly, whether it supports some form of alert (alarms, pop-ups, etc.) and/or notifications (email, txt, etc.)
Kiwi Syslog Server – FREE VERSION
Kiwi's Syslog Server boasts ease of installation and setup on top of its other range of desirable features. Reports can be generated both in easy-to-read HTML or in plain text if necessary for parsing with other software.
Log archival and storage are automatic and rigorous with a focus on compatibility in cases where even regulatory needs must be carefully met – even those as stringent as HIPAA. Kiwi utilizes a web-based console for extremely ease of access and swift availability that requires no client installation or configuration.
Kiwi's software even handles Syslog and SNMP, including from Linux and UNIX hosts, and performs real-time alerting and notification based on this data with a vast, and customizable, range of metrics that can be checked against.
OS Compatibility and alert/notification ability: Win XP 32/64, Win 2003 32/64, Windows Vista 32/64, Win7 32/64, Windows 2008 R2 32/64, Windows 8, Windows Server 2012 & 2012 R2; has both alert and notification ability.
PRTG (Free Version)
PRTG has some Syslog ability then added via a sensor to the PRTG monitoring suite. Primarily focuses on SNMP and Syslog protocol data and has a good amount of analysis ability due to the built-in capability PRTG already has for general monitoring and management.
OS Compatibility and alert/notification ability: Any Windows 64-bit environment with Windows Server 2012 R2 specifically recommended; good notification and alerts, but all varies a bit as sensor must be added and configured by hand
SNMPSoft Sys-log Watcher
Installed as a dedicated syslog server for all manner of network devices with a native support for a good range of notification options – SNMPSoft's program also boasts a particular ability to parse and handle non-standard Syslog, something that can cause some other software to falter! Of particular note, there's also a Syslog Watcher VendorPack available, which is a huge reference of syslog messages for proprietary equipment that helps in swift troubleshooting by defining non-standard syslog messages automatically.
OS Compatibility and alert/notification ability: Windows XP through Windows 10; robust notifications and solid alerts as well
Not an ideal solution as even the Splunk forum will suggest using several Splunk servers for a proper setup, but still doable! Utilizing Splunk to index and manage log files is more strongly recommended, as syslog data will be lost with each Splunk restart by default. None the less, it does offer syslog functionality and, with a little work getting several Splunks working together, can be a solid solution.
OS Compatibility and alert/notification ability: Splunk runs on Windows 64-bit versions as well as Linux and Mac OSX, syslog functionality varies; no real alerting or notification functionality for syslog
The Dude, despite it's odd name, is an interesting and free option for general network management – it comes with a built-in syslog server which can be enabled with ease as well as provides functionality for remote logging via RouterOS. Log events can be filtered, sorted to different logs, or discarded based on customizable thresholds.
OS Compatibility and alert/notification ability: Most versions of Windows, recommended Windows 2000 or newer, also runs on Linux or MacOS using Wine/Darwine; email based notification with some on-screen alert or log-based alert options, too
TFTPD32 has a strong root in TFTP, as the name implies, but it also serves as a capable Syslog server to boot in addition to DHCP, DNS, SNTP, as well! It's breadth of coverage does mean less features, and overall the software is pretty cut and dry – which isn't always a bad thing! Handles all basic Syslog message gathering and storage
OS Compatibility and alert/notification ability: Runs as Windows service, compatible with most newer Windows versions after 2000; email based notifications
Syslog Server (Abandoned)
A fairly simple and barebones Syslog server that also doubles as an analyzer. It can be adjusted to only log and monitor events at certain threshold values and also can trigger email-based notifications, as well as sort the way in which events are displayed.
OS Compatibility and alert/notification ability: Service on Windows server prior to 2008, application functionality on most Windows versions; can trigger e-mail notifications based on thresholds
Icinga Open-Source Monitoring
Icinga is a powerful open-source monitoring suite, and though its focus is on a wide breadth of monitoring, it does offer a plug-in specifically for Syslog monitoring and management.
OS Compatibility and alert/notification ability: Most Windows both consumer and server on application level; some alerting functionality based on plug-in settings and version
Visual Syslog Server
Visual Syslog Server is a very straightforward and light-weight Syslog option that focuses on a real-time approach. It does have some ability to handle and rotate logs automatically, to avoid bloat, and can also trigger scripts or programs based on thresholds that can be set.
OS Compatibility and alert/notification ability: Runs as Windows application on Windows XP, Vista, 7, 8, 8.1, as well as Windows Server 2003, 2008, 2012; can handle notifications via email and also some alerting and automated triggering of actions
Based on the BSD-unix style functionality of syslogd, this particular offering is going to appeal to only a select crowd! None the less, it can handle logging based on priority, filter/restriction messages by IP, has real-time viewing of the log, and even can dump log information to plain ASCII.
OS Compatibility and alert/notification ability: Application level server run on most older Windows, newer OS versions may be iffy at best as the software is quite old; no real alerting or notification functionality
OS Compatibility and alert/notification ability:
This software focuses on an enterprise level of functionality and is geared towards larger environments – it can gather and store a wide range of Syslog information and store it on a central database with a wide range of filters and alarms available.
OS Compatibility and alert/notification ability: Windows 2000 and forwards; has alarm functionality but not much for notifications
Syslog tracking via a powerful Syslog server can save any network administrator an obscene amount of time and effort. Every bit of data, whether SNMP or Syslog, that can be requested, aggregated, and analyzed is another potential piece of a puzzle that can trigger alerts or notifications and quickly bring human attention to the problem as soon as possible, or even fire off predefined scripts or programs to alleviate, or at least slow down, oncoming issues.
The flexibility of these programs are a superb way for admins to leverage monitoring to their advantage with the goal of maximum uptime and stability. Much of this information can be seen on any one system or device, but even a small network with a few dozen devices would be totally unreasonable to monitor one by one – having it centralized, automated, and closely monitored is invaluable!