Introduction

Syslog Watcher is a Windows syslog server that receives, stores, and analyzes syslog messages from network devices, servers, and workstations. It provides real-time monitoring, powerful search, configurable alert rules, and reports — all from a single Windows application with no external database required. It is designed for network administrators managing environments of any size, from small offices to large enterprise networks.

Key Features

  • Multi-protocol collection — receive syslog messages over UDP, TCP, and TLS (RFC 3164 & RFC 5424) on any port

  • Real-time monitoring — watch incoming messages in the View: Latest tab as they arrive

  • Message search and filtering — filter by originator, severity, facility, time range, or message text

  • Originator management — organize sending devices with custom identification rules

  • Email alerts — trigger email notifications based on configurable message rules

  • No external dependencies — self-contained Windows service, installs in seconds

System Requirements

  • Windows 10 / Windows Server 2016 or later (64-bit)

  • Network connectivity to syslog originators (UDP port 514 open by default)

  • Administrator privileges for installation

Quick Start

Step 1: Install

  1. Download the latest release from ezfive.com/syslog-watcher/downloads/.

  2. Run the downloaded SyslogWatcherSetup MSI file and accept the EULA.

  3. Select the product installation directory and finish the installation.

After the installation is complete, you have:

  • Binary files installed to C:\Program Files\Syslog Watcher NG\ or the folder you specified.

  • Syslog Watcher service registered as Syslog Watcher NG Server and configured to start automatically.

  • Work files in C:\ProgramData\SyslogWatcherNG\

  • (if not installed before) Syslog storage created in C:\ProgramData\SyslogStorage\

Step 2: Check Network Interfaces

The most common interface, SYSLOG over UDP/514, is added to the configuration automatically. It works well for many originators in their default configuration, but you may need to add more interfaces. We recommend switching to secure SYSLOG over TLS if your originators support it.

Step 3: Configure Your Originators

Configure your syslog originators — workstations, servers, and network equipment — to send their logs to the IP address of the Syslog Watcher machine.

Step 4: Start and Monitor

Start the syslog server and watch for incoming messages in the View: Latest tab.
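
To confirm Steps 2 to 4 end to end, the following added example (not part of the Syslog Watcher product or its documentation) sends one RFC 5424 and one RFC 3164 test message over UDP/514. The server address 192.0.2.10, the host name test-host, and the tag quickstart are placeholders; the messages use facility local0 and severity Warning so they are easy to filter.

```python
import socket
from datetime import datetime, timezone

FACILITY_LOCAL0 = 16   # syslog facility code for local0
SEVERITY_WARNING = 4   # syslog severity code for Warning


def pri(facility: int, severity: int) -> int:
    """PRI value shared by RFC 3164 and RFC 5424: facility * 8 + severity."""
    if not 0 <= facility <= 23 or not 0 <= severity <= 7:
        raise ValueError("facility must be 0-23 and severity 0-7")
    return facility * 8 + severity


def rfc5424(facility, severity, host, app, text, when=None):
    """<PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG"""
    when = when or datetime.now(timezone.utc)
    stamp = when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    return f"<{pri(facility, severity)}>1 {stamp} {host} {app} - - - {text}".encode("utf-8")


def rfc3164(facility, severity, host, tag, text, when=None):
    """<PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG (day of month is space-padded)"""
    when = when or datetime.now()
    months = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
    stamp = f"{months[when.month - 1]} {when.day:2d} {when:%H:%M:%S}"
    return f"<{pri(facility, severity)}>{stamp} {host} {tag}: {text}".encode("ascii", "replace")


def send_udp(payloads, server, port=514):
    """Send each payload as one datagram; returns the number of datagrams sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for payload in payloads:
            sock.sendto(payload, (server, port))
    return len(payloads)


if __name__ == "__main__":
    SERVER = "192.0.2.10"  # placeholder: IP address of the Syslog Watcher machine
    send_udp([
        rfc5424(FACILITY_LOCAL0, SEVERITY_WARNING, "test-host", "quickstart", "RFC 5424 test message"),
        rfc3164(FACILITY_LOCAL0, SEVERITY_WARNING, "test-host", "quickstart", "RFC 3164 test message"),
    ], SERVER)
```

Both messages should appear in the View: Latest tab. If neither does, check that the UDP/514 interface is present in the configuration and that the port is reachable from the sending machine.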

What’s Next

Once messages are flowing in, explore the rest of the documentation: