Syslog Collector
The syslog collector is a part of the Syslog Watcher server that collects syslog messages from the network, pre-processes them, and writes them to the syslog storage.
The message collection pipeline is shown in the diagram below.
Configuration
Preprocessor
The syslog collector prepares messages for the syslog storage. All messages must be marked with a severity level. If the severity level is not specified in a syslog message (as required by the standard), the collector assigns the default level.
Syslog messages are stored in UTF-8 format. If originators send messages that are not in UTF-8 format, the syslog collector needs to know their encoding.
Filter
The incoming filter allows the syslog collector to discard unnecessary messages immediately, so the server is not loaded with processing and storing them. The messages are not parsed at this stage, so only the simplest filters are available: by severity level and by keywords.
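The preprocessor and incoming filter stages described above, as an added Python sketch that is not Syslog Watcher's own code. The function names, the default severity of Notice (5), the per-source encoding map and the exact filter semantics are assumptions made for illustration.

```python
import re

PRI_RE = re.compile(rb"^<(\d{1,3})>")  # PRI header at the very start of the datagram
DEFAULT_SEVERITY = 5  # assumption: Notice; the collector's real default is configurable

def preprocess(raw, source_encoding="utf-8", default_severity=DEFAULT_SEVERITY):
    """Return (severity, utf8_text) for one raw datagram, without parsing the body."""
    severity = default_severity
    m = PRI_RE.match(raw)
    if m and int(m.group(1)) <= 191:      # 191 = facility 23 * 8 + severity 7
        severity = int(m.group(1)) & 0x07  # low three bits of PRI are the severity
    # Undecodable bytes become U+FFFD instead of aborting the whole message.
    return severity, raw.decode(source_encoding, errors="replace")

def accept(severity, text, max_severity=7, drop_keywords=()):
    """Incoming filter: numeric severity threshold plus keyword match on raw text."""
    if severity > max_severity:           # higher number = less severe
        return False
    lowered = text.lower()
    return not any(k.lower() in lowered for k in drop_keywords)

def collect(datagrams, encodings=None, **filter_opts):
    """datagrams: iterable of (source_ip, raw_bytes); encodings: per-source overrides."""
    encodings = encodings or {}
    kept = []
    for src, raw in datagrams:
        severity, text = preprocess(raw, encodings.get(src, "utf-8"))
        if accept(severity, text, **filter_opts):
            kept.append((src, severity, text))
    return kept

# Constructed sample datagrams (documentation addresses, invented hosts).
SAMPLE = [
    ("192.0.2.10", b"<34>Oct 11 22:14:15 host1 su: 'su root' failed for user1"),
    ("192.0.2.20", "<13>Oct 11 22:14:16 host2 app: Benutzer geändert".encode("cp1252")),
    ("192.0.2.30", b"link up on port 3"),                        # no PRI header
    ("192.0.2.10", b"<39>Oct 11 22:14:17 host1 cron: debug heartbeat"),
    ("192.0.2.10", b"<30>Oct 11 22:14:18 host1 lb: healthcheck OK"),
]

if __name__ == "__main__":
    for row in collect(SAMPLE, encodings={"192.0.2.20": "cp1252"},
                       max_severity=6, drop_keywords=("healthcheck",)):
        print(row)
```

Decoding the second datagram without its configured encoding yields a replacement character in the stored text, which is why the collector needs the originator's encoding when it is not UTF-8.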
Buffer
The writing speed of the syslog storage is usually limited and cannot be increased in many cases. A memory buffer allows the syslog collector to deal with unexpected bursts of incoming messages.
Monitoring
You can monitor the current state of the message collector using statistics in the Server tab and logs in the Server Log tab.