Skip to main content
Version: User Guide 6.5

Syslog Reports

Syslog Watcher's report engine utilizes a virtual (in-memory) SQLite database to gather, transform, and analyze information. A report template contains syslog filters and SQL commands that are executed for messages matching the filters. Once all messages from the time range have been processed, the engine uses the collected data to create a report file in a text format, like HTML.

Report Generation Steps

When generating a syslog report, Syslog Watcher performs the following steps:

  1. Creates a blank in-memory database;
  2. Executes initialization (Pre) SQL commands;
  3. For each syslog message in the report time interval and for each SQL command:
    1. If the message matches the filter, then execute the SQL command;
  4. Executes finalization (Post) SQL commands;
  5. Creates an output file using the configured filename;
  6. Writes the collected data to the output file.