Syslog is the keeper of all things events and we're bringing you the Best Free Syslog Servers for Windows (and Linux), along with some insightful reviews and screenshots.
Devices send syslog messages about any number of events. These can be informational messages, such as user login events, or they can be critical messages, like a failure in the primary application.
These messages play an important part in a network administrator’s arsenal of tools; they alert the admin of errors and warnings right as they happen, allowing them to quickly respond to problems and hopefully fix them before they become major issues.
The Syslog (System Logging) standard is widely used by devices of all sorts, including computers, routers, switches, printers, and more.
Here is our list of the seven best free Syslog servers for Windows, Linux and Unix:
- Kiwi Syslog Server Free Edition – EDITOR'S CHOICE A free Syslog server that receives and files Syslog messages, managing files and directories with meaningful names. Runs on Windows and Windows Server. Download 100% free tool.
- ManageEngine EventLog Analyzer – FREE TRIAL This tool collects, consolidates, and files log messages and also provides analytical functions. Runs on Windows Server or Linux. Get 30-day free trial.
- ManageEngine Log360 – FREE TRIAL This SIEM system includes a comprehensive log management and analysis package and is available in free and paid versions. Runs on Windows Server. Access a 30-day free trial.
- EZ5 Systems Syslog Watcher A Syslog consolidator that receives log messages and files them. The service also records message turnover metrics and can issue alerts for unusual levels. Installs on Windows.
- Splunk Enterprise This is a paid tool since the free version was deprecated. However, it offers a 60-day free trial and includes Syslog server capabilities. Installs on Linux and macOS.
- The Dude A free network monitoring system that includes a Syslog and Windows Event server. Installs on Windows, macOS, and Linux.
- Progress WhatsUp Gold Log Management A paid product with a free trial that is a log server for Syslog and Windows Events. This is an add-on to the main system monitoring package of WhatsUp Gold and it installs on Windows Server.
Syslog message, SNMP, troubleshooting and polling
Syslog messages are also important to have for security audits. On a network with a large number of devices, accessing logs on each device requires logging in to each one. It is a tedious and time-consuming process and you run the risk of missing important event messages. This is where syslog servers, also referred to as collectors, become very useful.
After enabling each device to send syslog messages, those devices start sending their log messages which are captured by the syslog server; there they are readily available to view and analyze.
Unlike SNMP, syslog cannot be used to poll devices for information; the syslog standard is used only to send messages about events.
For troubleshooting purposes, syslog sending is potentially more effective than SNMP polling because syslog messages are sent and received immediately after an event occurs.
Polling information is received at intervals – events can occur quickly and cause a lot of damage in the short amount of time between polling intervals.
For each device that you wish to have send its event logs to your syslog server, you need to ensure that its remote-syslog service is enabled and that it is pointed at the IP address of your server.
Take note that the Syslog default port is UDP 514; each sending device and the receiving Syslog collector need to be able to access this port.
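The push model described above can be checked end to end with a few lines of code. The following is an added example, not taken from any of the reviewed products: it builds a BSD-style syslog datagram, sends it over UDP to a throwaway collector socket on the loopback interface, and decodes the leading priority value into facility and severity. The host name, tag, message text and function names are constructed for illustration, and an ephemeral port stands in for UDP 514.

```python
import re
import socket

# Severity names indexed by code (0 = most severe), as defined for syslog.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# A few common facility codes; unlisted codes are reported by number.
FACILITIES = {0: "kern", 1: "user", 3: "daemon", 4: "auth", 10: "authpriv",
              16: "local0", 23: "local7"}
PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)


def build_message(facility, severity, hostname, tag, text):
    """Build a BSD-style syslog datagram; PRI = facility * 8 + severity."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    # Fixed timestamp so the constructed sample is reproducible.
    return f"<{facility * 8 + severity}>Jan  1 00:00:00 {hostname} {tag}: {text}".encode()


def parse_pri(datagram):
    """Split the leading <PRI> into facility and severity; None if malformed."""
    match = PRI_RE.match(datagram)
    if match is None or int(match.group(1)) > 191:
        return None  # no PRI header, or value outside 0..191
    facility, severity = divmod(int(match.group(1)), 8)
    return {
        "facility": FACILITIES.get(facility, str(facility)),
        "severity": SEVERITIES[severity],
        "body": match.group(2).decode("utf-8", errors="replace"),
    }


def loopback_check(datagram, timeout=2.0):
    """Send one datagram to a throwaway collector socket on 127.0.0.1.

    An ephemeral port stands in for UDP 514, which needs elevated rights to
    bind on Unix-like systems. Returns (source_ip, parsed_message).
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as collector, \
            socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sender:
        collector.bind(("127.0.0.1", 0))
        collector.settimeout(timeout)
        sender.sendto(datagram, collector.getsockname())
        data, peer = collector.recvfrom(4096)
        return peer[0], parse_pri(data)


if __name__ == "__main__":
    # Constructed sample: a failed-login event from a hypothetical host "sw-edge-01".
    sample = build_message(4, 4, "sw-edge-01", "sshd", "Failed password for admin")
    print(loopback_check(sample))
```

If the receive call times out when the same datagram is aimed at a real collector address, the usual cause is a firewall or ACL dropping UDP 514 between sender and collector, since UDP gives the sender no delivery error.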
Here are the Best Free Syslog Servers
What should you look for in free Syslog server tools?
We reviewed the market for free Syslog servers and analyzed the tools based on the following criteria:
- A simple way to set up clients so that they can send to the server
- Security systems that provide security and authentication routines
- A file management system that can rotate log files and create a meaningful directory structure
- Nice to have a consolidator that can merge Syslog messages with Windows Events
- A data viewer tool that includes record searching, sorting, and filtering capabilities
- Software that can cope with the volume of data your system generates
- The option to try out paid Syslog servers for free as well as accessing permanently free systems
With these selection criteria in mind, we have discovered some really useful Syslog management utilities that we are happy to recommend and explain how you can get them for free.
Grab one of the following Free Syslog Servers to keep an eye on your network in further detail from a centralized location. Many of these can also be installed on Windows 7, 8.1, 10 and other desktop versions of Windows, as well as almost every Windows Server version on the market (2003, 2008, 2012, 2016 and Server 2019).
1. Kiwi Syslog Server Free Edition
Created by the industry-leading network management software developer SolarWinds, Kiwi Syslog Server is a comprehensive logging tool that collects syslog events and messages not only from network devices, but also Linux, Unix, and Windows systems.
- Can collect syslog messages from a wide variety of network devices, including routers, switches, servers, and security devices
- Sends real-time alerts based on specific syslog message patterns, allowing users to quickly respond to critical issues
- Remote syslog message collection
Using Kiwi’s GUI, you can easily and efficiently view and manage these log events from one console.
The free edition lets you collect and monitor syslog messages from up to 5 devices and lets you set up alerts for events such as heavy traffic, unauthorized login attempts, hardware failure, and more.
Kiwi also creates trend graphics, such as network traffic trends, and sends you a daily summary email.
Finally, you can archive all these syslog messages as well as forward them to a database or other syslog systems.
The full version of Kiwi Syslog Server allows you to set up actions, such as running a program or playing a sound, that are triggered by certain log events; it also comes with a web-based interface that lets you manage the syslog server remotely.
- Offers a freeware version for smaller networks
- Captures both syslog and SNMP traps, ensuring nothing is missed
- Interface is easy to use, and allows for quick filtering based on application, location, or custom grouping
- Color-coded warning level helps critical events pop out, and aids in prioritization
- Affordable for any size network
- Built for sysadmins, not the best option for home networks or non-technical users
Kiwi Syslog Server Free Edition is our top pick for a free Syslog server because it is a competent and useful tool that is free forever with no strings attached. This Syslog server is easy to install and set up and will work with just about any log file collector. By sticking to well-known networking protocols, this server has no tricks or tie-ins and will work without fuss. Nice features include conditional forwarding, automated log file rotation, and crisis alerts.
OS: Windows Server
2. ManageEngine EventLog Analyzer
ManageEngine EventLog Analyzer offers log message collection and management services that extend to log file management and log analysis.
This software package isn’t limited to collecting logs from the computer it is installed on. It gathers data from all of the devices on the network, no matter what operating systems they are running.
- Extensive integration into other ManageEngine products
- Cross-platform support for Windows and Linux
- Advanced syslog filtering capabilities
The EventLog Analyzer gathers Windows Events from PCs and Windows Server computers and also Syslog messages from Linux systems. It also collects the log messages output by the software running on your systems.
One of the main tasks of this tool is to consolidate log messages by converting them into a common format. This means that they can be stored in the same file and are in regular columns that can easily be searched for analysis.
The EventLog Analyzer files these messages in a meaningful directory structure and rotates log files regularly.
An analytical tool in the EventLog Analyzer console is able to access log files and search through them. The tool lets you implement a range of applications, such as security or performance monitoring.
Log messages can also be forwarded by the EventLog Analyzer to third-party tools for deeper scrutiny. Examples of this type of setup include SIEM systems, including ManageEngine’s own Log360 (see next review).
- Collects operating system logs
- Gathers software log messages from 700 different packages
- Consolidates and files log messages
- No cloud version
ManageEngine EventLog Analyzer runs on Windows Server or Linux. There is a Free edition that is limited to gathering logs from five sources. You can assess the full Premium edition with a 30-day free trial.
3. ManageEngine Log360
ManageEngine Log360 is a bundle of tools that creates a SIEM system. There are six ManageEngine packages in this offering and one of those is the EventLog Analyzer featured above. This system receives, stores, and displays log messages for searching.
- Features a comprehensive SIEM system
- Supports multi-site/multi-tenant environments
- Includes a free version for testing
While you get a fully automated threat detection system with the SIEM, you also get a log manager. The service will receive log messages from more than 700 different sources, which includes those that use the Syslog format.
The tool standardizes those incoming messages into a common format so that they can be stored and searched together. This process is called “parsing” and it enables you to unify data from different origins.
Logs are collected from each endpoint on your network and also from cloud platforms, such as AWS and Azure.
The Log360 package includes a compliance reporting tool for HIPAA, PCI DSS, FISMA, SOX, GDPR, and GLBA.
The SIEM performs automated searches through collected logs and raises an alert if it detects a threat event.
Alerts can be sent as notifications through service desk systems, including ManageEngine ServiceDesk Plus, Jira, and Kayako.
- Collects log messages from more than 700 sources
- Free edition available
- Consolidates and stores log messages
- The free version is intended for use with the log files collected during the trial period of the paid edition.
ManageEngine Log360 runs on Windows Server and you can assess the tool with a 30-day free trial.
4. EZ5 Systems Syslog Watcher
A comprehensive, feature-rich application, EZ5 Systems Syslog Watcher is a Windows-based dedicated syslog server that collects and analyzes syslogs from any number of network hosts and servers (the free version allows up to 5 sources, while the professional license lets you collect from an unlimited number of sources).
- Consolidates syslog files from various applications
- Supports continuous syslog monitoring
- Various alert and automation templates
It gathers syslog messages from any device or appliance that has syslog sending enabled, as well as system log events from Windows, Unix, and Linux servers.
It also collects from any software that supports syslog sending. It boasts being able to handle 5000+ syslog messages per second.
Syslog Watcher supports both IPv4 and IPv6 networks, and collects over both UDP & TCP.
You can enable email alerts for certain events and messages, which alert you to network and system errors before they become major problems.
The Viewer lets you sort and filter events as they come in, and lets you view the most recent syslogs in virtually real-time; messages can be customized by font and background based on filters.
All stored messages can be searched using an extensive rule set.
Important messages can be saved longer, and max keep time depends on the severity level of the message.
- Simple lightweight interface
- Supports logging in Windows, Linux, and Unix environments
- Can handle enterprise-level traffic, 5000+ messages per second
- They no longer provide a free limited version.
- The log search filter could use refinement
- Would like to see alerting options
5. Splunk Enterprise
Splunk Enterprise is designed to be a comprehensive log management solution for small IT environments. Real-time analysis of syslog messages from your devices is done from its customizable dashboard.
- Generous 60-day trial period
- Support for Linux, Windows, and macOS
- Vast syslog collection integrations
It comes with powerful search functionalities and the ability to filter results and drill down to those messages that you specifically require, such as error messages only or messages only from a specific device.
Its search capabilities include Boolean, quoted string and wildcard searches; it allows you to search in real time, search time-range, or search by transaction-level.
Splunk’s capabilities can be expanded using add-ons such as the Add-on for Microsoft Windows, which allows you to collect log messages from Windows machines.
It can also be set up to collect syslog data from a forwarder. Splunk Enterprise is a paid system but you can get it on a 60-day free trial.
- Uses powerful query language, great for environments with high log volumes
- The tool is initially lightweight, with additional features supported through plugins
- Supports up to 500 MB of log data per day – solid option for small businesses
- The dashboard interface can take time to get used to, could be made easier to use
- The advanced search features have a steeper learning curve for new users
6. MikroTik The Dude
In a previous article, “Top 10 Free Netflow Analyzers and Collectors,” we discussed the application The Dude, from MikroTik. The Dude is a powerful network administration application with a built-in free Syslog server.
- Easy to use, learn, and deploy
- Support for Windows, Linux, and macOS
- Completely free
This server can be turned on in the Server settings, under the “Syslog” tab.
While having The Dude poll your devices (sending out information requests at regular intervals using SNMP) is useful, capturing unsolicited messages from your devices is a more effective way to catch errors quickly.
You can create alerts for specific syslog messages as well as create filters.
The Dude is a great all-purpose application for network administrators.
- Installs on Windows, Linux, and Mac, making this one of the most flexible options for syslog servers
- Can ingest SNMP alerts, ICMP requests, and DNS queries, giving you a wide variety for log collection options
- Utilizes autodiscovery for network mapping and device identification
- Supports log forwarding to other servers or applications
- Not as lightweight as some other simple syslog servers
- Interface can be challenging to learn
7. Progress WhatsUp Gold Log Management
Progress WhatsUp Gold is a network management system that can be expanded by add-ons. One of the add-ons available with this package is the Log Management module.
- Offers various monitoring add-ons
- Lightweight base package
- Features detailed reporting capabilities
The Log Management system can operate as a Syslog server and it will also receive Windows Events messages. It is able to consolidate these two different formats and file them together. The service collects metrics on log message throughputs and will raise an alert if the arrival rate suddenly increases or decreases out of band.
The dashboard of the Log Management tool will show each log message as it arrives. The severity of each message is easy to spot, thanks to the use of color-coded icons that follow a traffic light system.
The Log Management system is only available as an add-on to WhatsUp Gold. These tools are software packages that install on Windows Server. You can access both on a 14-day free trial.
- Offers message forwarding, allowing you to receive logs and alerts on multiple platforms
- Can process six million messages per hour, allowing it to be used in enterprise environments
- Acts as an event viewer, allowing you to import older logs for review
- The interface is clunky, and logs can be harder to read during heavy use
- Only available for Windows
Download Today and Get Started: https://www.whatsupgold.com/trial
Free Syslog server FAQs
How do you forward Windows event logs to a Syslog server?
The easiest way to forward Windows event logs to a Syslog server is to set up a collector. There are a number of these available and some of them are free. Your best option is to use the Kiwi Syslog Server Free Edition. You can read a step-by-step guide on Event log forwarding to Syslog using Kiwi here on the PC & Network Downloads website.
What is the default port used to connect to a Syslog server?
The default port to use when communicating with a Syslog server is UDP port 514.
How do you install Syslog server in Linux?
You can install syslog-ng on Linux with the command: $ sudo apt-get install syslog-ng -y
Grab one of these great Free Syslog Servers today, fire up a test VM or server, and get it configured to get a good feel for how the software works and what each feature set offers.
We'll continue to update this list throughout the year and if we've missed any software, please feel free to send us an email and we'll happily get the software added after we've reviewed it!