You Are Here: Main > Products > Syslog Watcher > Inside Syslog Watcher

Inside Syslog Watcher

Syslog Watcher has a high-performance internal architecture. This allows it to process a large number of messages simultaneously. Also, Syslog Watcher can search, display and make reports on a large number of messages contained in storage, without decrease of productivity.

Service Mode

The most effective is Syslog Watcher Pro Edition, working in Service Mode.

In this case, the functionality is divided into two modules. These are Syslog Watcher Service (SWServ2.exe) and Syslog Watcher (SyslogWatcherPro.exe) itself. The service takes upon itself the functions on receiving and processing syslog messages and also servicing the syslog storage. The second module, i.e., Syslog Watcher has a graphical interface, provides interaction with the user, and generates reports.

Syslog Watcher Pro - Internal Work of Syslog Server

Syslog Message Processing

  1. Syslog Watcher Service starts, binds to local network interfaces, and waits for syslog messages.
  2. The syslog message, coming from the network, gets to the primary processing.
  3. The message is being processed (parsed). The name of syslog source is being resolved over DNS.
  4. The processed message is exported to an external text file, when this option is activated.
  5. If Syslog Watcher is running at this moment, it is notified about the new syslog message.
  6. The processed message gets a receiving timestamp and is stored into the storage.
  7. A special thread in the service is responsible for servicing the storage, i.e., deletes the old messages and squeezes the storage, if necessary.
  8. The user runs Syslog Watcher to change settings or examine received syslog messages.
  9. Syslog Watcher reads the messages from the storage, filters and sorts them, uses colorization, and displays them as the list.
  10. Syslog Watcher notifies the user of the new messages with a popup window or sound.
  11. The user generates a report about syslog messages, which is stored in the storage.

Application Mode

The work of Syslog Watcher Pro in Application Mode is similar to the one of Syslog Watcher Standard Edition and Personal Edition. In this case, there is no separation and all the functionality is concentrated in one module.

Syslog Watcher - Internal Work of Syslog Server

This variant is also quite productive, although it is inferior to the previous variant. The features of this variant are: the Windows service is not required for the work and the user can process syslog only when the program is launched.

The manner of syslog message processing is similar to the one described, with all actions performed in one module.

Read more about Performance of Syslog Watcher.