Network Interfaces¶
Syslog Watcher must have at least one network interface configured to receive syslog messages from the network. You can add any number of UDP, TCP, or SSL/TLS interfaces.
To configure network interfaces, click Configure (Main Toolbar) to open the Server Configuration window; then select the Network Interfaces group.
Adding UDP Interface¶
UDP is the most common and widely supported transport for syslog messages. It is fast but unreliable and insecure.
To add a UDP interface:
-
Click Add UDP Interface.
-
Set a specific local IPv4/IPv6 address or use 0.0.0.0 for all IPv4 addresses or ::0 for all IPv6 addresses.
-
If your configuration uses a non-standard port, then specify it instead of the default 514.
-
Click Apply.
Info
You do not need to change advanced settings in most cases.
Adding TCP Interface¶
Syslog over TCP adds reliability and guaranteed delivery.
To add a TCP interface:
-
Click Add TCP Interface.
-
Set address and port the same way as described for the UDP interface.
-
Limit the maximum number of concurrently connected TCP clients and behavior if this value is exceeded.
-
Click Apply.
Info
You do not need to change advanced settings in most cases.
Warning
If the Drop old connections option is not allowed, new connections will be dropped in case the maximum number of active connections is reached.
Adding TLS Interface¶
To add a TLS interface:
-
Click Add TLS Interface.
-
Set address, port, and a maximum number of connections the same way as described for the TCP interface.
-
Configure TLS Options.
-
Click Apply.
Deleting Interface¶
To delete a network interface:
-
Select the interface by clicking its title area;
-
Click Delete Interface.