Syslog Collector

The syslog collector is part of the Syslog Watcher server, which collects syslog messages from the network, pre-processes them, and writes them to the syslog storage.

The message collection pipeline is shown in the diagram below.

Syslog Watcher - Syslog Messages Pipeline

Configuration

syslog preprocessor configuration

Preprocessor

The syslog collector prepares messages for the syslog storage. All messages must be marked with a severity level. If the severity level is not specified in a syslog message (as required by the standard), the collector assigns the default level.

Syslog messages are stored in UTF8 format. If originators send messages that are not in UTF8 format, the syslog collector needs to know their encoding.

Filter

The incoming filter allows the syslog collector to immediately discard unnecessary messages, without loading the server with processing or storing overhead. The messages at this stage are not parsed, so only the simplest filters are available: by severity level and by keywords.

Buffer

The writing speed of the syslog storage is usually limited and cannot be increased in many cases. A memory buffer allows the syslog collector to deal with unexpected bursts of incoming messages.

Monitoring

You can monitor the current state of the message collector using statistics in the Server tab and logs in the Server Log tab.