Best Syslog and Log Viewers

The Syslog message format is one of the oldest standards in IT, dating back to the 1980s. It originated as the logging facility of the Sendmail mail transfer agent on BSD Unix, and its layout was adopted by other software so that a single collector could receive messages from many programs. The Internet Engineering Task Force (IETF) later documented that de facto BSD layout in RFC 3164 and then standardized the current message structure, including the codes that go into the PRI field, in RFC 5424.

By complying with the Syslog message format, software producers can be sure that their customers will find utilities created by others to gather, sort, view, and store those messages.

Here is our list of the best Syslog and Log viewers:

  1. Loggly (FREE TRIAL) A cloud-based system that receives and consolidates log messages from different formats, shows arriving log messages and offers a viewer for data analysis. Access the 30-day free trial.
  2. Kiwi Syslog Server (FREE TRIAL) A Syslog log manager with live message views, data analysis functions, and file management. This package installs on Windows and Windows Server. Start a 14-day free trial.
  3. Site24x7 Log Management (FREE TRIAL) This cloud-based system includes a data viewer for received log messages, including those in the Syslog format. Start a 30-day free trial.
  4. ManageEngine EventLog Analyzer (FREE TRIAL) This package provides both a log server and a local collector. The system can standardize all logs into a common format. Available for Windows Server or as a SaaS platform. Start a 30-day free trial.
  5. Datadog Log Management A cloud-based log manager that consolidates Syslog messages with other log types, such as Windows Events. In addition, the Log Explorer includes data analysis features that can be used for a range of applications, including security monitoring.
  6. Fastvue Syslog A free Syslog server includes a live tail message display and a file viewer for older records. It runs on Windows.
  7. ELK Stack A free suite of tools for log collection, analysis, and display that can collect Syslog messages and consolidate them with other log message formats. It runs on Linux.
  8. Graylog A log management system that is free for low throughput volumes and merges Syslog records with Windows Events. It runs as a VM or installs on Linux.

You can read more about each of the options in the following sections.

Running a Syslog server

To benefit from the information in Syslog messages, you need an agent on each host (the Syslog client) to gather messages and forward them to a central Syslog server (the collector). Be aware that the traditional transport is UDP on port 514, which is plaintext and offers no delivery guarantee. Where the server supports it, forward over TCP, or over TLS on port 6514 as specified in RFC 5425, so that messages cannot be read or altered in transit and are far less likely to be lost silently.

Syslog messages often record security-relevant events, so processing them quickly and making them available at a central Syslog server immediately is very important. Additionally, SIEM systems rely on log messages for their source data, and the sooner you can get those messages to your SIEM software for threat hunting, the sooner a threat can be identified and blocked.

The log server has several tasks to perform. One software package might implement all of them, while other programs serve just one of those duties.

The work that a Syslog server will perform includes:

  • Receiving Syslog messages
  • Displaying arriving messages in a console – called “live tail”
  • Converting messages into a neutral format along with messages created through other standards – this is called “consolidation”
  • Creating a log directory structure
  • Creating a log file and writing messages into it as they arrive
  • Closing the log file and starting another – this is called logfile rotation
  • Reading log files into a viewer for analysis

These are the basic tasks of a log manager. A log server that is part of a security monitoring service also runs pre-written searches over newly arrived records within a continuously moving time window, such as the last five minutes. Some log management systems write log messages into a database instead of storing files.
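To make both the message format and the server-side sliding-window search concrete, here is an added example (not code from this page or from any of the products reviewed) that parses the BSD layout of RFC 3164 and the RFC 5424 layout, decodes the PRI field into facility and severity, and then runs a five-minute sliding-window search for repeated SSH password failures from one source address. The log lines are constructed for the example; the failed-login pattern, the 2024 default year for BSD timestamps (which carry no year or time zone) and the threshold of five failures are assumptions, not something the page specifies.

```python
"""Parse RFC 3164 (BSD) and RFC 5424 syslog lines, decode PRI into facility and
severity, and run a sliding-window search over the resulting records.

Added example with constructed sample lines; not code from any product on the page.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Facility and severity names in PRI order (PRI = facility * 8 + severity).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 5424: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<pid>\S+) "
    r"(?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+) ?(?P<msg>.*)$")
# RFC 3164: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[pid]: MSG  (day of month is space-padded)
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<app>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?:? ?(?P<msg>.*)$")


def parse(line, assumed_year=2024):
    """Return a dict for one syslog line, or raise ValueError if it matches neither layout."""
    m = RFC5424.match(line)
    if m:
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    else:
        m = RFC3164.match(line)
        if m is None:
            raise ValueError("unrecognised syslog line: %r" % line)
        # BSD timestamps carry neither year nor zone: both are assumptions here.
        ts = datetime.strptime("%d %s" % (assumed_year, m["ts"]), "%Y %b %d %H:%M:%S")
        ts = ts.replace(tzinfo=timezone.utc)
    pri = int(m["pri"])
    if pri > 191:  # 23 facilities * 8 + 7 is the largest legal value
        raise ValueError("PRI %d out of range" % pri)
    return {"facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7],
            "ts": ts, "host": m["host"], "app": m["app"], "pid": m["pid"], "msg": m["msg"]}


# Assumed OpenSSH wording for a rejected password; adjust for other daemons.
FAILED_LOGIN = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)")


def detect_bruteforce(records, window=timedelta(minutes=5), threshold=5):
    """Alert once per (host, source IP) when `threshold` failed logins fall inside `window`."""
    recent = defaultdict(deque)  # (host, ip) -> timestamps of failures still inside the window
    alerts = []
    for r in sorted(records, key=lambda rec: rec["ts"]):
        if r["facility"] not in ("auth", "authpriv"):
            continue
        m = FAILED_LOGIN.search(r["msg"])
        if not m:
            continue
        q = recent[(r["host"], m["ip"])]
        q.append(r["ts"])
        while q and r["ts"] - q[0] > window:  # slide the window forward
            q.popleft()
        if len(q) == threshold:  # fire on the crossing, not on every later failure
            alerts.append({"host": r["host"], "src": m["ip"], "count": len(q), "at": r["ts"]})
    return alerts


# Constructed sample feed: BSD and RFC 5424 lines from the same hosts.
SAMPLE = [
    "<38>Mar  1 08:15:01 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "<38>Mar  1 08:15:03 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 51024 ssh2",
    "<86>Mar  1 08:15:09 web01 sshd[2210]: Accepted publickey for deploy from 192.0.2.10 port 40011 ssh2",
    "<38>Mar  1 08:15:10 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 51025 ssh2",
    "<38>1 2024-03-01T08:16:00Z web01 sshd 2201 - - Failed password for root from 203.0.113.7 port 51030 ssh2",
    "<38>1 2024-03-01T08:17:30Z web01 sshd 2201 - - Failed password for root from 203.0.113.7 port 51031 ssh2",
    "<13>1 2024-03-01T08:17:31Z db01 cron 900 - - (root) CMD (/usr/bin/backup.sh)",
]

if __name__ == "__main__":
    recs = [parse(line) for line in SAMPLE]
    for a in detect_bruteforce(recs):
        print("ALERT %s: %d failed logins from %s on %s"
              % (a["at"].isoformat(), a["count"], a["src"], a["host"]))
```

Two caveats carry over into any real deployment: RFC 3164 messages have no year and no time zone, so a parser has to assume both (and a window search across a year boundary will misorder records unless it does), and a live feed will contain lines from devices that follow neither layout exactly, so anything the parser rejects should be filed raw rather than dropped.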


The best Syslog and log viewers

When choosing a viewer for Syslog messages, look for a system that can handle all of the log formats in your environment. Viewers generally just load records, so showing messages written to different standards on the same screen relies on a log consolidator that pre-processes all messages into one format before the viewer accesses them.

What should you look for in a Syslog and log viewer?  

We reviewed the market for Syslog and log viewing packages and analyzed tools based on the following criteria:

  • An integrated consolidator or an associated utility
  • Options to sort, filter, and group records
  • The ability to highlight related Syslog messages
  • A way to link together records for further investigation
  • The option to reformat and export records
  • A free tool or a system with a free trial so you can assess it before paying
  • Value for money from a reliable and fast tool that can quickly read and sort through Syslog records.

We have identified both free and paid tools that provide excellent Syslog viewing services with these selection criteria in mind.

The Eight Best Syslog and Log Viewers

1. Loggly (FREE TRIAL)

Loggly AWS Cloud Monitoring

Loggly is a cloud-based log server, consolidator, and analyzer. It can process Syslog messages as well as logs from other sources. Compatibility with each source comes from integrations: you activate an add-on for each log format that you want your Loggly implementation to process.

Key Features:

  • Server for Syslog
  • Log consolidator
  • Log viewer with analytical tools
  • Manages filing and archiving

Loggly is a competent log file manager. Those files are stored on the Loggly server, and the storage space is included in the package price. The retention period for those files depends on the plan that you choose. While a log file is on the Loggly server, it can be selected and read into the data viewer included in the Loggly console.

Pros:

  • Manages the installation of a data collector
  • Can collect logs from on-site systems and cloud platforms
  • Offers analytical tools in its log viewer
  • Integrations with project management and collaboration tools

Cons:

  • You need to work out what to do with your log files after the retention period ends

There are four plans available for Loggly, and the first of these, called Lite, is free. That free plan will process 200 MB of data per day. The three paid plans have higher data throughput allowances, up to 100 GB per day with the Pro edition.

Try Loggly with a fully functional 30-day free trial.


2. Kiwi Syslog Server (FREE TRIAL)

Kiwi Screenshot

Kiwi Syslog Server is an on-premises solution that enables you to manage your log files in-house. This tool will collect and consolidate Syslog messages and those of Windows Events. The server can also process SNMP Trap messages, the unsolicited notifications that network devices send out when a condition changes.

You can specify conditions that raise concern and that will trigger an alert – examples of such conditions are if a device breaks down or if log message delivery frequency increases by a certain percent.

Key Features:

  • Syslog and Windows Events
  • Log consolidator
  • Log viewer

The Kiwi system’s console is Web-based, although you host it on your server. The dashboard includes a log message viewer that also provides analytical tools. When used to just display log messages, the viewer color-codes records, which is a treatment that you can customize. Messages are shown live in the dashboard as they arrive, and it is also possible to read log files into the data viewer for analysis.

Pros:

  • Processes and stores log messages
  • Shows Syslog and Windows Events messages live as they arrive
  • Allows log files to be loaded into the viewer for analysis

Cons:

  • You need to provide a server to host the package

Kiwi Syslog Server runs on Windows or Windows Server, but it can collect Syslog messages from Linux and Unix hosts across the network. It will also collect messages from network devices. You can assess the system with a 14-day free trial.


3. Site24x7 Log Management (FREE TRIAL)


Site24x7 Log Management is a cloud-based service that collects log messages and makes them available for analysis in a data viewer. The log viewer includes analytical tools to search, sort, and filter messages, which is a useful utility for ad-hoc investigations.

Key Features:

  • Consolidates log messages
  • Generates throughput statistics
  • Analytical tools

The Log Management unit collects Syslog messages from Linux operating systems and also from applications. The tool is not limited to managing Syslog messages; it can also collect Windows Events and logs from different software packages.

The Site24x7 platform is a SaaS system with a range of plans, which includes an edition for managed service providers. The Log Management service is bundled into each plan and provides an extra method for investigating problems or setting up additional performance and security monitoring searches.

Pros:

  • Collects many different formats of log messages and standardizes their layout
  • Shows arriving messages in the data viewer
  • Saves log messages to file

Cons:

  • Not available as a standalone package

The Site24x7 platform provides plans that are sized and priced to be suitable for small businesses. Larger companies pay for capacity expansions, so the system can scale up to work for any size of organization. You can investigate the Site24x7 platform further by accessing a 30-day free trial.


4. ManageEngine EventLog Analyzer (FREE TRIAL)

ManageEngine EventLog Analyzer

ManageEngine EventLog Analyzer is a log manager that also provides both manual and automated threat hunting. The system collects log messages from all around the network and then consolidates them into a common format. So, it will gather Syslog and Windows Events messages plus other log message formats used by some software packages.

Key Features:

  • Log message collection
  • Log parsing and forwarding
  • Log message viewer

While all of the messages arriving at the log server get converted to a common format, it is also possible to forward the original messages without alteration or after conversion. These messages all get filed, but you can selectively filter messages to weed out low priority notifications and debugging messages.

After conversion, all of the messages processed by the log server get displayed in a data viewer that is part of the EventLog Analyzer dashboard. The data viewer includes analytical tools, such as sort, filter, and group. The system lets you examine just Syslog messages if that’s what you want. You can create your own threat detection queries and set them to run continuously. There is also a library of pre-written queries that constitutes a SIEM service.

Pros:

  • A data viewer that includes analytical features
  • The option to forward Syslog messages or all logs to third-party tools
  • Log message filing to support future historical analysis and compliance auditing

Cons:

  • Not marketed as a full SIEM

The ManageEngine system is available in a number of editions. There is a Free edition, but that is limited to collecting logs from five sources. The lowest paid package can collect from up to 1,000 log sources and the top plan will operate log collection for a large WAN. Every edition is available both as a cloud-hosted service and for on-premises installation. You can try a single site license with a 30-day free trial.


5. Datadog Log Management

Datadog Log Management multi query

Datadog Log Management is a cloud-based package, which means that it can receive log messages from anywhere, and the console is available through any standard Web browser. The Datadog system can receive all types of log messages, and there are guides in the Datadog documentation system that explain how to install a Syslog collector. The service can collect log messages from 170 different systems.

The Log Manager receives Syslog and other log messages, consolidates them into a standard format, and stores them. Each message is shown live in the console as it arrives. The consolidator will reference the source of each message, and you can also specify your custom tags.

Key Features:

  • Live log message statistics
  • Log consolidator
  • Log Explorer
  • Record tagging
  • Analytical tools

Datadog Log Manager stores log messages to file. You can specify your storage location or rent space on the Datadog server. The Log Manager can also compress files for archiving, and you can have archived files restored on demand. Stored files can be read into the Log Explorer for analysis.

Pros:

  • Merges log messages in different formats
  • Can receive Syslog messages
  • Includes a data viewer with analytical tools
  • Stores log messages to file and manages archiving
  • Displays live statistics on arriving log messages

Cons:

  • Storage space isn’t included for free

Datadog Log Management consolidates log messages from many different systems, files them, and gives you a way to view records. The console presents ongoing statistics about log message activity and shows live tail messages as they arrive. You can read messages from stored files into the Log Explorer to analyze your system’s activity, then create your own saved searches and have them applied automatically to incoming log messages.

The Log Management service can be enhanced by subscribing to the Application Performance Monitoring service. This produces distributed tracing logs for microservices, and feeding those through to the Log Management module lets you see how the performance of those functions is dependent on system resources and other events on the network.

There are two elements to the Datadog Log Management service. The first is the actual processing system, which is charged per GB of processed data. The other service is the storage space, which you don’t have to take from Datadog. The price for this service depends on the length of time that you want to store log files. You can get a 14-day free trial of both services.

6. Fastvue Syslog

Fastvue Syslog screenshot

Fastvue Syslog is an excellent deal because it is entirely free to use. The package has an attractive interface, and it will collect Syslog messages from the network. This is a standalone package that can file all of your Syslog messages. It can also forward records to other Syslog processing and analysis tools.

Key Features:

  • Collects Syslog messages
  • Files logs
  • Optionally forwards records

The package formulates statistics on log message throughput. As well as filing Syslog messages, the Fastvue system generates a SHA-256 hash of each log file so that you can later check whether it has been tampered with. In addition, the system can automatically compress archived files after a period that you specify.

Pros:

  • Automatic collection and filing of Syslog messages
  • Customizable archiving
  • Logfile viewer

Cons:

  • No consolidation or analysis utilities

The log viewer in the Fastvue system only shows records from a specific file – it doesn’t include any analytical tools. This package also can’t ingest log records from other systems, such as Windows Events. However, as it is a free tool, it is worth considering and buys you time searching for something better. This software installs on Windows.
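The SHA-256 check mentioned above is easy to reproduce for any archive directory, whichever server wrote the files. The following is an added example, not Fastvue’s own code, that writes a sha256sum-style manifest for a directory of log files and later verifies it; the two log files, their names and the tampering step are constructed for the demonstration.

```python
"""Hash archived log files into a manifest and verify them later.

Added example, not code from Fastvue or any other product on the page. The log
files and the tampering step are constructed so that it runs offline.
"""
import hashlib
import os
import tempfile


def sha256_file(path, chunk=1 << 16):
    """Stream the file through SHA-256 so large archives do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def write_manifest(log_dir, manifest_path):
    """Record '<digest>  <name>' for every .log file; returns the number of entries."""
    entries = []
    for name in sorted(os.listdir(log_dir)):
        if name.endswith(".log"):
            entries.append("%s  %s" % (sha256_file(os.path.join(log_dir, name)), name))
    with open(manifest_path, "w") as f:
        f.write("\n".join(entries) + "\n")
    return len(entries)


def verify_manifest(log_dir, manifest_path):
    """Return {name: True/False}; a missing file counts as a failure, not a pass."""
    results = {}
    with open(manifest_path) as f:
        for line in f:
            digest, name = line.rstrip("\n").split("  ", 1)
            path = os.path.join(log_dir, name)
            results[name] = os.path.exists(path) and sha256_file(path) == digest
    return results


def demo():
    """Write two constructed log files, hash them, tamper with one, and re-verify."""
    with tempfile.TemporaryDirectory() as d:
        archive = os.path.join(d, "archive")
        os.mkdir(archive)
        first = os.path.join(archive, "syslog-2024-03-01.log")
        with open(first, "w") as f:
            f.write("<38>Mar  1 08:15:01 web01 sshd[2201]: Failed password for root from 203.0.113.7\n")
        with open(os.path.join(archive, "syslog-2024-03-02.log"), "w") as f:
            f.write("<13>Mar  2 00:00:05 db01 cron[900]: (root) CMD (/usr/bin/backup.sh)\n")
        # The manifest lives outside the archive directory it describes.
        manifest = os.path.join(d, "manifest.sha256")
        write_manifest(archive, manifest)
        before = verify_manifest(archive, manifest)
        # Someone covering their tracks rewrites the first file in place.
        with open(first, "w") as f:
            f.write("<13>Mar  1 08:15:01 web01 cron[900]: (root) CMD (/usr/bin/backup.sh)\n")
        after = verify_manifest(archive, manifest)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before tampering:", before)
    print("after tampering: ", after)
```

The manifest format matches `sha256sum`, so `sha256sum -c ../manifest.sha256` run inside the archive directory gives the same verdict. The check only proves that a file is unchanged since it was hashed: it says nothing about edits made before archiving, and an attacker who can rewrite the log file can usually recompute the digest as well, so keep the manifest on a separate host or in write-once storage, or sign it.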

7. ELK Stack

Logstash screenshot

ELK Stack, also known as Elastic Stack, is a free suite of tools that collect and manage logs. This system runs on Linux and will easily manage your Syslog messages. The element that gathers log messages, consolidates them, and files them is Logstash. This is the “L” of “ELK”.

Key Features:

  • Collects and files Syslog messages
  • Log consolidator
  • Data search tool

The “E” of “ELK” is Elasticsearch, the search and analytics engine that indexes and stores the records. It is also embedded in many other log analysis and security monitoring tools. You can write Elasticsearch queries and then schedule them to run automatically to create your own data analysis system.

Pros:

  • A log management system that is free to use
  • A hosted version including storage is available for a fee
  • Data analysis automation

Cons:

  • Requires technical skills to put together

The “K” of “ELK” is Kibana, a frontend for the whole system. You have to set up the interface yourself because Kibana can display any data source, not just Syslog messages. Once everything is organized, you will have Logstash collecting Syslog messages and creating log files, Elasticsearch creating analysis and data presentation functions, and Kibana displaying all of your Syslog data.

There are many plans for the cloud-hosted service of Elastic Stack, with prices starting at $16 per month. An advantage of getting the paid service is getting an edition that includes pre-written screens for log management, so you need fewer technical skills to benefit from the service. In addition, you can get a 14-day free trial to assess the paid system.

8. Graylog

Graylog

Graylog has been around since 2009. Originally an open-source project, Graylog is now available in a paid version and the free system, which is now called Graylog Open. The longevity of this system means that it is well-known, stable, and has a large user community. Unfortunately, if you opt for Graylog Open, you don’t get professional support, but you can join the user forums and find advice.

Key Features:

  • Well-established and stable
  • Log server and consolidator
  • Logfile management

Graylog can collect Syslog messages, and it can also get Windows Events. The service will consolidate the records that arrive from these two different systems and also collect logs from third-party applications. The system will file and forward messages, and so it could just be used as a Syslog server. The dashboard for the system is attractive and flexible. However, it doesn’t come out of the box set up and ready to run. You have to set it up by creating screens from templates or by selecting widgets and associating them with data sources.

Pros:

  • Collects and consolidates Syslog and Windows Events
  • Log forwarding option
  • Customizable dashboard with a data viewer

Cons:

  • Requires technical skills to set up

Graylog is typically run as a virtual machine on a hypervisor, and the Graylog Open edition can also be installed directly on Linux. There is one other free version of Graylog, the Small Business Edition. However, that plan is limited to processing 5 GB of data per day. The two paid plans are Graylog Enterprise, an on-premises package, and Graylog Cloud. If you don’t have time to download and try either of the two paid editions, you can get a 30-minute demo of either of the paid services.