Free Windows Syslog Server


c.davis
07-30-2007, 08:07 PM
We have created a free syslog server for Windows systems at http://files.star-os.com in the Utilities section.

Although it's simplistic, it does allow you to point any syslog enabled device at it for display/debugging/etc.

There are a few options available:

- Maximum size of on screen log
  Since output is stored in memory, you are given the choice of how much memory you will allow on screen logs to consume (1-100MB)
- Action when limit reached
  - Empty screen (default) - will clear the log window not saving any data.
  - Append to file - saves the log window contents to a text file on your hard drive.
- Syslog save folder
  Choose the folder to save logs to, only needed if you choose the "Append to file" action.

During testing, it was more than able to capture in excess of 100 messages per second, so it should scale to pretty much any network.

This is a .NET app so the .NET runtime v2.0 or later is required.

Hope everyone enjoys it, let me know if you happen across a bug.

There is one known issue that I am aware of: a complete exit of the application can take up to 30 seconds while the background threads are finishing up. I will work on improving the close time in a future release.

DLNoah
07-30-2007, 08:47 PM
I just wanted to report that I had this set up and working, and thank you for making this available to us.

c.davis
07-30-2007, 09:04 PM
Glad you like it.

You may want to grab the new release as it has been updated to save the current log contents on exit (if that is what you have chosen in 'Action when limit reached').

DLNoah
07-30-2007, 09:42 PM
As a curiosity... would it be within the realm of readily possible to have an option to tab out the results by subnet or something? Obviously can't complain about free software that works, just something that would fall into the "really nice feature" category for how I'll be using it.

c.davis
07-30-2007, 09:56 PM
I can't say one way or the other on that right now.

Presently this is a simplified component of something yet to come that's been wrapped in its own window. The 'yet to come' project is the main focus.

However, throughout testing I may extend the functionality of the Free Edition to encompass things such as subnet separation including separate log files per subnet, color coding based on severity, ACLs, etc.

I could add a simple option that will stream to both the screen and disk file allowing you to do whatever custom scripting you wish.

c.davis
07-31-2007, 10:48 AM
VncSyslogd has been updated to allow log entries to be streamed to both the screen and disk file by selecting the checkbox marked 'Stream to file'.

This is probably the desired behavior for most as the disk file will be constantly updated allowing custom scripting, database inserts/updates, etc, instead of having to wait for the max screen log size to be reached.

c.davis
08-01-2007, 11:17 AM
Another update to VncSyslogd (VncSyslogd-0.4).

Added features:
- Color coding based on severity level (Legend on 'Misc' tab)
- 'Mark' button inserts a mark statement to make the log easier to read
- 'Clear Screen' button.. you guessed it, clears the screen, saving to file if that is your chosen action

If you come across a bug, please let me know.

Enjoy.

simcor23
08-14-2007, 09:04 AM
It seems that when I close the application screen I cannot reopen it. I just get a windows error screen and unless I shut the process down completely I cannot reopen the app???

tony
08-14-2007, 09:11 AM
There is a thread that lingers for a while after you close the app. Once it quits (or you terminate it yourself via the task manager), then you can re-open the app.

simcor23
08-14-2007, 10:34 AM
Thanks, I guess I wasn't waiting long enough. Works fine, nice tool!

c.davis
08-14-2007, 11:01 AM
The slow closing thread issue has been solved in VncSyslogd-0.5.zip available at http://files.star-os.com

Please report any issues.

pwmaclean
08-15-2007, 11:01 AM
CDavis, I was using the tool and it was working great for a day or 2. Then I think I may have installed an application that pooched it. Now when I open it, it stays open for about 8 seconds, then closes. I never see any data in the screen, and the event viewer (Windows 2003 Server) shows a .NET error. I have uninstalled the applications I had installed that may have caused the problem, re-installed .NET, and it still doesn't work.

DLNoah
08-15-2007, 11:31 AM
I saw similar behavior when it was up and loaded on one console session of my monitoring server and I tried to load it on a different console session; perhaps check your active threads to see if you have a lingering thread from a previous session?

c.davis
08-15-2007, 12:28 PM
What version are you running? A new version was released yesterday (Aug. 14).

If you're using the most recent version of VncSyslogd (currently 0.5) then it shouldn't be a lingering thread issue.

Try as DLNoah mentioned; open your task manager and check to see if there is an instance of 'VncSyslogd.exe' running. If there is, kill it and launch it again.

It's possible that something is using UDP port 514 already but if that was the case it should close right away and not after a few seconds.

I'll do some investigating. In the meantime, if you have a way to duplicate that behaviour, please let me know.

Thanks.

pwmaclean
08-15-2007, 01:35 PM
Sure, thanks. I'll try it tonight.

c.davis
08-15-2007, 05:14 PM
VncSyslogd-0.6.zip is out and has a couple of new features.

- ability to minimize to tray
- tray icon has a right-click menu
- balloon tips are shown if a message is received with the following severity levels
  0 - Emergency
  1 - Alert
  2 - Critical

Enjoy and please report any issues.

DLNoah
08-15-2007, 08:29 PM
Feature requests, if possible:

- Have the program throw a noisy error when it fails to start appropriately, as opposed to just closing itself again. Specifically for the "something else is listening on UDP 514" case, perhaps a message stating that's why it's closing, and suggesting to check the process list for an instance of "VncSyslogd.exe"

- Have the program run as a service. As it is, my primary environment is a server that I access both in console mode and in remote sessions. It'd be even more useful to have a program that doesn't require a session to be constantly logged in to be running (so I can hook it into the startup if the server reboots or whatever).

Either way, it's working very well and has already enabled us to catch one issue and fix it before the customer even called.

oscarBravo
08-16-2007, 03:33 AM
"- Have the program run as a service. As it is, my primary environment is a server that I access both in console mode and in remote sessions. It'd be even more useful to have a program that doesn't require a session to be constantly logged in to be running (so I can hook it into the startup if the server reboots or whatever)."

Not being funny, but that's what you get out of the box with a Linux syslogd. It may be worthwhile having a small Linux box just to handle remote syslogging.

DLNoah
08-16-2007, 06:22 AM
Thanks for the information, Oscar. Perhaps I'll investigate that if needed when the feature set for the Windows syslog freezes.

c.davis
08-16-2007, 10:27 AM
VncSyslogd-0.7 is at http://files.star-os.com with a couple of fixes.

Checking is now performed to ensure that nothing else is running on the syslog port. If there is, then a message indicating so is displayed and the application is closed.

If the VncSyslog.txt file is renamed or deleted while the syslog server is running it will now simply be recreated.

Enjoy and please report any issues.

pwmaclean
08-16-2007, 10:27 AM
Additional feature: Email notification on error types of your choice.

Also, it's quite cumbersome trying to find out which node is associating/disassociating. Maybe there's something I'm missing? Could you put the IP address of the node in the log message along with the MAC? IPs are easier to trace than MACs...

c.davis
08-16-2007, 10:45 AM
Syslog doesn't provide any way to resolve MAC to IP or vice versa, only the IP of the machine sending the message.

If your clients are getting their IP addresses from ISC DHCP then the log messages would contain the MAC as well as the IP address.

Notifications of varying types is something that can be explored.

gunther_01
08-17-2007, 10:19 PM
Using .7 I have set up a couple of APs to use the syslog. These APs are NATed to my core Star V3 box. So all my messages are showing as coming from the core router. I would figure (bad idea I know) that the packet from the AP would somehow show its own IP address. These APs are set up with private IPs for internal use but public subnets for clients. NAT at edge is used so the APs can update NTP and resolve DNS.

Any ideas how to isolate the APs in the syslog program so that I can tell them apart? Or will I just have to move this server to the inside of my edge box network so NAT doesn't happen in this case?

c.davis
08-17-2007, 10:39 PM
Syslog is actually a very simplistic protocol... it just sends messages with an encoded Priority that is then broken down into Severity and Facility then parsed, no more and no less... no _real_ magic involved.

Running anything through NAT would give the expected result that NAT provides; everything appears as though it is originating from a single address, the syslog messages that you are seeing are proof of that.

To make a long answer short; yes, you would have to be 'inside' or 'before' the spot where NATting takes place in order to get the _real_ IP address(es) of the units that are sending the syslog messages (or any other message/transaction) for that matter.
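
The Priority decoding described above, as an added example that is not part of the original thread and is not VncSyslogd's code: it splits PRI into facility and severity, flags severities 0-2 (the levels that raise balloon tips in 0.6), and also returns the RFC 3164 HOSTNAME header field when a sender fills it in (an assumption; that field is sender-supplied and unauthenticated). The sample datagrams, the host names ap-north/ap-south and the 192.0.2.1 source address are constructed.

```python
import re

SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]

# <PRI> then, optionally, the RFC 3164 header "Mmm dd hh:mm:ss HOSTNAME ".
_PRI = re.compile(rb"^<(\d{1,3})>")
_HDR = re.compile(rb"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) ")


def parse_syslog(datagram: bytes, source_ip: str) -> dict:
    """Decode one UDP syslog datagram; never raises on malformed input."""
    m = _PRI.match(datagram)
    pri = int(m.group(1)) if m else None
    if pri is None or pri > 191:          # 23 * 8 + 7 is the largest valid PRI
        # RFC 3164 relay behaviour: no valid PRI means user.notice (13).
        pri, rest = 13, datagram
    else:
        rest = datagram[m.end():]
    facility, severity = divmod(pri, 8)   # PRI = facility * 8 + severity
    hdr = _HDR.match(rest)
    body = rest[hdr.end():] if hdr else rest
    return {
        "source_ip": source_ip,           # packet source: the NAT box if NATed
        "hostname": hdr.group(1).decode("ascii", "replace") if hdr else None,
        "facility": facility,
        "severity": severity,
        "severity_name": SEVERITIES[severity],
        "notify": severity <= 2,          # Emergency, Alert, Critical
        "message": body.decode("utf-8", "replace"),
    }


# Constructed datagrams, all "seen" from one NAT address (192.0.2.1).
SAMPLES = [
    b"<134>Aug 17 22:19:03 ap-north wlan1: station associated",
    b"<10>Aug 17 22:19:04 ap-south kernel: link down on eth1",
    b"<999>no valid priority here",
    b"plain text without any header",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        r = parse_syslog(raw, "192.0.2.1")
        print(r["source_ip"], r["hostname"], r["severity_name"],
              r["notify"], r["message"])
```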

gunther_01
08-17-2007, 10:40 PM
While playing I was able to just do an IPmap to allow the syslog to tell the difference. I hate to have to put my public server behind my V3 edge server again. But it's do-able for this purpose. It's mainly a monitoring CPU so it can go anywhere as long as I can forward some ports to get in it remotely.

Was hoping that there was maybe something else in the Syslog system that can tell the difference though. But that would most likely defeat NAT's purpose :)

gunther_01
08-17-2007, 10:40 PM
You beat me to it :)

c.davis
08-17-2007, 11:05 PM
Lol,

Yeah, NAT is a double edged sword... it does what it's supposed to but not always what you'd like it to, transparently anyhow.

For what it's worth, it's always UDP 514.

c.davis
08-17-2007, 11:22 PM
I think that I'll keep a running log here for everyone to see any forward or backward movement on the VncSyslogd Server.

I should note that forward progress and success of this utility is something that I give great thanks to those that asked to be beta testers; without their direction and focus, this would be and remain at the 0.3 phase.

I am also very, very proud to say, after a couple of weeks of searching and testing, that there is no other Windows based syslog server in existence that comes even close to this one. The only truly 'free' one that I've come across limits you to about 50 lines of output where ours limits you to 100MB of on screen and unlimited disk file size. I also haven't been able to find one that provides syntax highlighting.

Next post will be the simplistic changelog for the transition from 0.7 to 0.8 (0.8 will be released once it is deemed stable).

c.davis
08-17-2007, 11:27 PM
// changes from 0.7 to 0.8 (running/prelim)
added feature - clicking notification balloon shows form (if form is hidden)
added feature - new tab 'Notifications' for SMS and Email properties
added feature - SMS message(s) on chosen severity level(s) (in 'Notifications' tab)
added feature - Email message(s) on chosen severity level(s) (in 'Notifications' tab)
added internal - checks for various notification(s) and control(s)
added internal - severity levels (for customized parsing).. not user controllable
fixed cosmetic - 'To Tray' button is anchored to form properly
fixed internal - code cleanups (distinguishable method and property names)
fixed internal - optimized exit cleanup code
fixed internal - optimized port checking code

pwmaclean
08-19-2007, 01:12 PM
Ummm, is .8 ready for dl yet? I only see .7 on the file server...tks

c.davis
08-19-2007, 01:52 PM
.8 is still in testing and should be released soon.

pwmaclean
08-19-2007, 08:43 PM
Okey dokey Clive!

therealboss
09-06-2007, 04:06 PM
I just wanted to report that I have set this up and it's working a treat.


Thank you for this little but very helpful program.

Thanks again.

c.davis
09-06-2007, 06:43 PM
Glad you like it.

I haven't been able to work on it for a little while with other outstanding projects and the upcoming move but I'll get back at it soon.

pwmaclean
09-17-2007, 02:13 PM
How about now? .8 ready for action?

c.davis
09-17-2007, 03:02 PM
Jason,
I sent you a PM.

simcor23
01-23-2008, 09:24 AM
Is the .8 version available somewhere?

c.davis
01-23-2008, 07:13 PM
No, sorry it's not. Time has been short lately and other things have taken priority.

On the upside, and as mentioned in previous posts in this thread, this syslog server is part of a much bigger project which I will be getting back into fairly soon, this means that I will also be getting back into the smaller parts such as syslog and snmp.

Just a FYI, the .8 release was going to fix notification support to play nicely with exchange servers and not much else. I still use this tool daily and have had no problems with parsing or logging and I haven't received any bug reports so I was planning on leaving the engine portion alone, if you do find a bug then please let me know.

Otherwise, this is still something that will get worked on and not too far in the future.

c.davis
05-24-2008, 02:02 PM
A bug fix release is available at http://files.star-os.com and is named:
VncSyslogd-0.9.2.zip

On occasion, the last character of the log line was truncated (eg. 'eth1' was logged as 'eth'), this has been resolved.

c.davis
08-12-2008, 05:50 PM
VncSyslogd-1.0.0 is available for download from the files website.

There have not been any substantial changes from previous versions other than MS Exchange compatibility being tested and verified to work correctly.

This is considered to be stable and ready for production, after a year and a bit of playing here and there with this application it is very nice to release a 1.0.0 version.

There is no upgrade path to follow, simply replace your old VncSyslogd.exe with the new one, all of your settings from previous versions will remain intact.

Enjoy everyone.

**There have been no changes to the console version, it has been considered stable and ready for production since its initial release.