Syslog Server is a crucial part of every IT Administrators’ arsenal when it comes to managing event logs in a centralized location.

We’ve compiled a list of the Best Free Syslog Servers (and Paid ones as well) along with screenshots, minimum requirements and any other pertinent information needed to make your decision when looking for a syslog solution.

Finding a good event log and message collection software is crucial for understanding what your network doing at all times, with integrated alerts and graphs to show real-time issues that arise and possible failures that could be happening.

Here is our list of the best Syslog servers for Windows:

1. Log360 – EDITOR’S CHOICE This is an on-premises system that runs on Windows Server and provides a range of security services that include a SIEM That is based on a log server. The log server is able to receive Syslog messages and can pool them with logs in other formats. Get a 30-day free trial.
2. Logstash This log server forms part of the very popular Elastic Stack along with Elasticsearch and Kibana. Available for Windows, Linux, and macOS
3. EZ5 Syslog Watcher A specialized and efficient Syslog server that can accept logs over UDP or TCP transmissions. Runs on Windows and Windows Server
4. Paessler PRTG This system monitoring bundle includes a sensor to receive Syslog messages and another to receive Windows Events. Available for Windows Server or as a SaaS package.
5. Kiwi Syslog Server This on-premises tool can receive SNMP traps as well as Syslog messages. Runs on Windows Server.
6. Fastvue Syslog Server This straightforward Syslog server receives and files messages and will zip each log file after 30 days. Runs on Windows.
7. Nxlog This command-line log collector comes with a dashboard creator but you can also interface it to your own Kibana front end. Runs on Windows, macOS, Linux, Unix, and Docker.
8. Visual Syslog Server This straightforward tool has some useful features that many other Syslog servers don’t offer. Available for Windows

Some of these Syslog servers give you the flexibility to receive not only syslog messages, but SNMP trap information from multiple appliances for FREE and others have paid variations that offer even greater flexibility.

Feature sets are different for each version, but they all offer the same functionality in collecting messages and events for system logs.

Related Post: SnmpSoft Syslog Watcher

The Best Syslog Servers

1. ManageEngine Log360 – FREE TRIAL

ManageEngine Log360 is a package of security tools that includes a log manager. The package gathers logs, including Syslog messages to create a pool of data on which to perform threat hunting. Other features in the package include Active Directory security measures, insider threat detection, and account takeover analysis. The log manager that is built into the package collects many types of messages, including Syslog. It can save Syslog messages directly to file or convert all log messages into a common format and store them together. 

Key Features:

• Log server: Syslog, Event logs, and software logs
• Log file management: Stores files in rotated log files
• Compliance management: Log storage complies with HIPAA, PCI DSS, GDPR, GLBA, FISMA, ISO 27001, and SOX
• Log consolidation: Converts logs into a common format
• Data viewer: See log messages as they arrive

Why do we recommend it?

Log360 is a large package and it includes many more services than just its log manager. The log manager will collect and store Syslog messages if that’s what you want. It can also collect a mix of log message formats. Log messages are displayed in the console’s data viewer as they arrive and the dashboard also shows metrics related to log activity.

The dashboard shows statistics on logs as well as enabling analysis of log message contents. Factors that the console can calculate include the throughput rate of log messages and the number of logs generated per message type, severity, or source. Those metrics can be just as important as the message contents and you can set up alert triggers on them. Alerts can be sent as notifications by SMS, email, voice call, Slack message, or Service Desk ticket.  

Who is it recommended for?

This is a very large package and wouldn’t be suitable for a small business that is just looking for a Syslog server. However, a large company that needs to put in place threat detection systems and implement compliance would find this a great deal because it provides a Syslog server in with all of those other functions.

ManageEngine produces the software of Log360 for installation on Windows Server. There is a SaaS counterpart available and that is called Log360 Cloud. You can assess Log360 with a 30-day free trial.

2. Logtash

The image above shows a screen that was created with Kibana. This shows the results of Logstash rather than Logstash itself. This is because Logstash is a behind-the-scenes log collector and if you ever get any display of logs, it will be created in Kibana. Logstash and Kibansa are two elements in the Elastic Stack, which is also known as ELK. The two tools provide the L and the K of ELK and the E comes from the companion data processing unit, which is called Elasticsearch. So, you would receive logs with Logstash, process the data with Elasticsearch, and display the results in Kibana. 

Key Features:

• Deployment options: Available for self hosting on premises or on a cloud account and also as a SaaS system.
• Receives logs from many sources: Takes Event Log and software logs as well as Syslogs
• Multifunction: Prepare logs for analysis, storage, or forwarding

Why do we recommend it?

Logstash is a very popular log server. It is widely used as part of the Elastic Stack and many cloud-based log management and threat hunting systems are actually just hosted ELK with pre-written settings and searches. It is possible to get Logstash for free. 

This package is able to perform some processing with the incoming log messages, so you don’t have to rely on Elasticsearch if you just want to marshall your logs. For example, Logstash outputs the logs it receives in several formats. This can be into a file, a database, or as a stream to a specific package, such as Elasticsearch. It is even possible to send logs to monitoring systems, such as Datadog and Dynatrace.

Who is it recommended for?

This service has a wide audience because it is available in both free and paid options. Both tools are the same. However, if you want the tool for free, you will have to host it yourself. You can get Logstash as part of a hosted ELK service. That package is not free but it includes many pre-written functions.

To get the Logstash system for free, you will have to download the software and host it yourself. The package is available for Windows, Linux, and macOS.

3. EZ5 Syslog Watcher

EZ5 Syslog Watcher is a simple, free tool that runs on Windows and collects Syslog messages. The tool receives and displays Syslog messages. It will also file messages and those files can be reloaded into the viewer for examination.

Key Features:

• Syslog collector: Will only collect Syslog messages
• Data viewer: Shows most recent log messages
• Log filing: Store Syslog messages in rotated files

Why do we recommend it?

EZ5 Syslog Watcher is the opposite of ManageEngine Log360 because, while Log360 has a large number of functions of which one is log management, this tool isn’t just focused on log management, it is restricted to Syslog management. The tool is only available for Windows and Windows Server.

There is a free edition of Syslog Watcher. However, as you would expect, it has limitations and most businesses will opt for the paid versions – there are four paid editions. The free edition is limited to monitoring Syslog messages from three sources and it will process up to 5,000 messages per hour. The difference between all of the editions is that progressively pricier editions have more capacity. Otherwise, the functions of all versions are more or less the same.

Who is it recommended for?

The range of editions for Syslog Watcher will appeal to all sizes and types of companies looking for a Syslog server for Windows. The Free edition is only going to interest very small businesses because it is limited to only three sources. The top plan, called Ultimate has no limits on sources or throughput.

This package is available for a free download to run on Windows.

4. Paessler PRTG

Paessler PRTG is a monitoring package. The team behind the package are quite clear that there are no system management functions in there. However, there is at least one: the Syslog Receiver Sensor. All of the modules in the PRTG package are called “sensors.” Paessler explains that the collection of Syslog messages requires 10 sensors per device.

Key Features:

• Syslog collection: Focused on Syslog, doesn’t collect other types of logs
• Displays messages: The most recent messages are shown in the PRTG console
• Filtering possible: Administrators can decide to collect only those messages flagged with a high severity

Why do we recommend it?

Paessler PRTG provides extensive system monitoring services with its network monitoring system providing its core. The package includes a Syslog server that is one of the few system management tools in the bundle. The PRTG system will display metrics about the Syslog messages as they arrive and can also be set up to display the messages. 

The PRTG package also has a sensor for Windows Events. This is called the WMI Event Log Sensor. Both sensors will file the collected log messages. However, it is important to remember that the package doesn’t standardize the format of different message systems. Messages from Syslog and Windows Events are stored separately. The system will only collect messages sent over UDP; it won’t establish TCP connections.

Who is it recommended for?

Companies are more likely to buy PRTG for its system monitoring features than for its log servers. However, any business that is in the market for both would get a good deal out of this package. There is a Free Edition of PRTG, which is limited to 100 sensors. Paessler recommends an allocation of 10 log sensors per device, so it is possible to collect Syslog messages from 10 devices without paying. 

The PRTG system is a software package that will install on Windows Server. It is also available on the cloud as a SaaS platform. You can get a 30-day free trial of PRTG with unlimited sensors. 

5. Kiwi Syslog Server

Kiwi Syslog Server from SolarWinds has a free edition that provides all of the functionality that you will need to receive, store, and forward Syslog messages. The tool installs on Windows or Windows Server and it can receive messages from Linux and Unix systems.

Key Features:

• Focused on Syslog: Can also receive SNMP traps
• Files Syslog messages: Rotates log files
• Message display: Shows all recent messages in the app’s home screen
• Details message data: Shows date and time, severity, and source of the message

Why do we recommend it?

Kiwi Syslog Server Free Edition is a great boon for companies that want to save money. If you just need to receive and store Syslog messages, this utility will do the job. The system shows messages as they arrive together with their attributes and it will also store logs in files.

While the Free edition of the Syslog Server works very well, it is limited to collecting Syslog messages from five sources. So, larger companies would need to step up to the paid version of the Kiwi tool. The full version has more features than the Free Edition, such as log forwarding.

Who is it recommended for?

This tool is suitable for small businesses. The limit on receiving from five sources means that mid-sized and larger organizations will need to switch the paid service instead of this edition. Alternatively, big businesses that want a free Syslog server should look at some of the other utilities on this list.

This is an easy to use package but its limit of only five log sources might be a deal breaker for most readers of this article. Nonetheless, you could try the paid version on a 14-day free trial and then switch to the Free Edition at the end of the trial period if you decide not to buy.  

6. Fastvue Syslog Server 

Fastvue Syslog Server is a free utility that collects Syslog messages and stores them. It also calculates statistics on the arrival rate of messages and this can be filtered by severity. The package doesn’t reformat Syslog messages; it stores logs in text files, which can be compressed to save space.  

Key Features:

• Identifies the device from which Syslog messages originate: Enables filtering per device
• Records the number of Syslog messages arriving per day: Also records the number stored
• Allows for messages to be discarded: Enables an administrator to leave out advisory or debugging messages

Why do we recommend it?

Fastvue Syslog Server has an attractive dashboard and it is easy to set up. This package will run on Windows or Windows Server. The system will create a log file per day. It is possible to direct messages to other applications. Data and the leg messages themselves can be accessed through an API. 

The Fastvue system will zip files after 30 days and it can also calculate a file hash to enable integrity monitoring. As it is a free tool with no paid alternative, there is no limit to the number of devices that the tool will collect messages from and there is no daily throughput limit.

Who is it recommended for?

This tool will be particularly interesting for small businesses and cash-strapped startups. However, Fastvue places no limit on the tool’s capacity, so there is no reason why larger companies shouldn’t use it. One problem with this service is that it only collects Syslog messages, so you can’t pool messages from many different standards with this package.

This system is available for Windows and Windows service and it can be downloaded free of charge.

7. NXLog

NXLog doesn’t have a console. Instead, you can run this system at the command line and then decide whether you want to create a dashboard of your own. The NXLog offers a dashboard creator for a fee or you could create a console in some other framework, such as Kibana.

Key Features:

• Connectors to SIEM systems: Send log data to Splunk, Sentinel, or other tools
• Processes multiple log types: Not limited to Syslog
• Multiple platforms: Runs on Windows, macOS, Linux, Unix, and Docker

Why do we recommend it?

NXLog is a detailed system for processing log messages. It isn’t limited to managing Syslog messages. The service can be used to pre-process logs before sending them to a SIEM. The service can reduce the volume of logs that are sent for analysis by, for example, removing low-severity messages.

This isn’t a user-friendly package. You would need to have a clear plan over what you want to do with log messages rather than just filing them. There are better Syslog servers available for Windows that are easier to use if you just want to pick up log messages and write them to a file. 

Who is it recommended for?

This package is available in a free Community Edition as well as its regular Enterprise Edition. However, this isn’t a tool for small businesses. This is intended for use by administrators and planners that have a specific use in mind for log data, such as to send data to a SIEM or build an activity analyzer. 

The NXLog system is a software package for on-premises hosting. It is available for Windows, macOS, Linux, Unix, and Docker. The system is available as a free Community Edition or you can get a 30-day free trial of the Enterprise Edition. 

8. Visual Syslog Server

Visual Syslog Server is a straightforward free tool for Windows. This utility has none of the complications of the NXLog service. It is a lot easier to set up and it shows the arriving log messages in the same screen that manages the log server process. 

Key Features:

• Runs on Windows: Not available for any other platform
• Shows logs in the screen: Color-coded records according to severity
• Can collect over secure and insecure connections: Can receive through UDP and TCP

Why do we recommend it?

Visual Syslog Server is a good choice for any administrator that just wants to collect Syslog messages and file them. Unlike some simple tools, this package is able to start up a new file if a file has reached a certain size. It will also rotate files by data as well. Other great features include the ability to receive over TCP as well as UDP and a data viewer for recently arrived messages.

The data viewer is a nice extra in this tool. It color codes messages by severity and provides the ability to filter messages or sort them. This service, as its name suggests, will only collect Syslog messages and not logs in other formats.

Who is it recommended for?

Any systems administrator would appreciate this tool. It has some nice features that other free Syslog servers don’t offer. This tool will appeal to large companies as well as small businesses. The package won’t forward logs but you just just set up an automated process to pass data via files.

Visual Syslog Server is available for Windows and you can download it for free.