Network Interfaces

Syslog Watcher must have at least one network interface configured to receive syslog messages from the network. You can add any number of UDP, TCP, or SSL/TLS interfaces.

To configure network interfaces, click settings32 Configure (Main Toolbar) to open the Server Configuration window; then select the Network Interfaces group.

Server Configuration - Network Interfaces

Adding UDP Interface

UDP is the most common and widely supported transport for syslog messages. It is fast but unreliable and insecure.

To add a UDP interface:

  1. Click Add UDP Interface.

  2. Set a specific local IPv4/IPv6 address or use 0.0.0.0 for all IPv4 addresses or ::0 for all IPv6 addresses.

  3. If your configuration uses a non-standard port, then specify it instead of the default 514.

  4. Click Apply.

You do not need to change advanced settings in most cases.
Server Configuration - UDP Network Interfaces

Adding TCP Interface

Syslog over TCP adds reliability and guaranteed delivery.

To add a TCP interface:

  1. Click Add TCP Interface.

  2. Set address and port the same way as described for the UDP interface.

  3. Limit the maximum number of concurrently connected TCP clients and specify the behavior when this limit is exceeded.

  4. Click Apply.

You do not need to change advanced settings in most cases.
Server Configuration - TCP Network Interfaces
If the Drop old connections option is not allowed, new connections will be dropped in case the maximum number of active connections is reached.

Adding TLS Interface

To add a TLS interface:

  1. Click Add TLS Interface.

  2. Set address, port, and a maximum number of connections the same way as described for the TCP interface.

  3. Configure TLS Options.

  4. Click Apply.

Server Configuration - TLS Network Interfaces

Deleting Interface

To delete a network interface:

  1. Select the interface by clicking its title area.

  2. Click Delete Interface.