The Syslog Monitor receives logs from syslog agents on devices on your network. You configure those devices to forward their logs to PA Server Monitor. When a log line is received, the Syslog Monitor can store it in a database and optionally alert on it (send an email or write it to a log file for example).
By default, the Syslog Monitor listens on the standard 514 syslog port. This can be changed in the registry at:
The monitor shows a grid of the standard syslog severities across the top, and standard facilities going down the left side. If you want the monitor to react to a syslog of a particular severity and facility, check that box. Syslogs that correspond to an unchecked box are ignored. All syslogs that match a checked box get written to a database for use in reports.
In addition to the severity/facility grid, you can also specify filters to further narrow which syslogs will cause alerts to fire and which you would like to ignore. Select the Filter Box in the column next to the Syslog.
Select the Add button to add a filter or Edit to edit a filter using text or a Regular Expression.
Syslogs that match the filter (which requires that they also match the severity/facility grid) will cause actions to fire. These actions can send email, write to log file, write to the Windows Event Log, etc.
If you want different actions to run for different syslogs (perhaps some events going to one group and some events going to another group), you can create multiple Syslog Monitors with different filters, grid settings and attached actions.
Like all monitors, this monitor has standard buttons on the right for Adding Actions and setting Advanced Options. This monitor does not have a Schedule button since a schedule is not needed to receive syslogs.
Besides live alerting on particular syslogs, you can also run reports to review syslogs that have been received and processed. You can filter on sending computer, severity, facility, and date range.
If you want to do your own processing or reporting on received syslog entries, they are stored in the SyslogEntries table (in the C:\Program Files (x86)\PA Server Monitor\Databases\SyslogMonitor.db file if using the embedded SQLite database).