Syslogstudio
SyslogStudio
A lightweight, cross-platform desktop application for receiving and analyzing syslog messages in real time. Built with Wails (Go + Svelte).
Screenshots
Live Log Viewer
Real-time message reception with severity badges, sortable columns, and auto-scroll.
Filtering & Regex Search
Filter by severity, hostname, app, source IP, date range, and regex patterns.
Group By
Organize messages by severity, hostname, app, or source IP with expandable groups and color-coded headers.
History Mode
Browse stored logs from the SQLite database with pagination, even after restarting the app.
Alert System
Configure alert rules with pattern matching, severity thresholds, and cooldown. Receive system notifications when rules trigger.
Statistics Dashboard
Monitor message rates, severity distribution, top sources, and buffer usage at a glance.
TLS / PKI Assistant
Generate CA and server certificates directly from the UI. No command-line tools required.
Settings
Configure theme, language, storage retention, and database management.
Light Theme
Full light theme support with a single click.
Features
- Multi-protocol syslog server — UDP, TCP, and TLS (RFC 5424 & RFC 3164)
- Real-time log viewer — virtualized list with auto-scroll, sortable columns, and group-by (severity, hostname, app, source IP)
- Advanced filtering — severity, facility, hostname, app name, source IP, date range, and 3 search modes (see below)
- Log persistence — SQLite database with configurable retention (by age, count, or size). Browse historical logs with pagination even after restart
- Database encryption — AES-256-GCM at-rest encryption with Argon2id key derivation. Database is encrypted on exit and decrypted on launch with a user password. Brute-force protection (5 attempts then lockout). Progress reporting for large databases
- Alert system — configurable rules (pattern, severity threshold, hostname/app filter, cooldown) with system notifications
- TLS / PKI assistant — generate CA and server certificates from the UI, mutual TLS support, certificate export
- Statistics dashboard — message rates, severity distribution, top sources, buffer usage
- Log export — CSV and plain text formats
- Settings panel — theme, language, storage retention policy, database management (compact, clear), encryption toggle, size estimations
- Light & dark themes — persisted across sessions
- 8 languages — English, French, German, Spanish, Portuguese, Italian, Japanese, Chinese
- Full persistence — server config, alert rules, and logs saved across restarts
- Cross-platform — Windows (portable + NSIS installer), macOS (universal .app + .dmg), Linux (portable + .deb)
- Auto-update check — notifies when a new version is available on GitHub
- Memory-efficient — in-memory ring buffer for live view, SQLite for history, bounded worker pool, async FTS indexing
Search Modes
The search bar supports 3 modes, toggled by clicking the mode button:
| Mode | Button | Speed | Syntax | Example |
|---|---|---|---|---|
| Text | Aa |
Instant | Simple substring match | connection refused |
| FTS | FTS |
Instant | SQLite FTS5 full-text search | error OR fail OR timeout |
| Regex | .* |
Slower | Go regular expressions | (error|fail)\s+.*timeout |
FTS syntax reference:
error— single worderror fail— both words (AND)error OR fail— either worderror NOT debug— exclude word"connection refused"— exact phraseerr*— prefix wildcardNEAR(error timeout, 5)— words within 5 tokens
Quick Start
Prerequisites
go install github.com/wailsapp/wails/v2/cmd/wails@latest
Development
# Install frontend dependencies
cd frontend && npm install && cd ..
# Run in development mode (hot reload)
wails dev
The app opens in a native window. A dev server is also available at http://localhost:34115 for browser-based development with access to Go methods.
Build
wails build
Produces build/bin/SyslogStudio.exe (Windows) or the corresponding binary for your platform.
To set the version for auto-update:
wails build -ldflags "-X main.AppVersion=v1.0.0"
Usage
- Configure protocols — enable UDP, TCP, and/or TLS with desired port numbers
- TLS setup (optional) — click "TLS Config" to generate a CA + server certificate, or load your own
- Start the server — click Start; active listeners appear as badges (e.g.,
UDP:514) - View logs — messages appear in real time (Live mode); switch to History mode to browse stored logs with pagination
- Sort & group — click column headers to sort (asc/desc); use the group-by dropdown to organize by severity, hostname, app, or source IP
- Filter — use the filter bar to narrow by severity, hostname, source IP, date range, or regex
- Alerts — configure alert rules to get notified when specific patterns or severities are detected
- Settings — configure retention policy (days, max messages, max DB size), theme, language
- Encryption (optional) — enable at-rest encryption in Settings > Storage to protect stored logs with a password
- Export — export filtered logs as CSV or TXT
Testing with the Generator
A Python test generator is included (no dependencies, Python 3.7+):
# Send 10 messages/second with realistic content
python tools/syslog_generator.py --rate 10
# Simulate a full incident timeline
python tools/syslog_generator.py --mode scenario
# Test alert rules with specific severity/pattern messages
python tools/syslog_generator.py --mode alert-test
# Stress test (30 seconds, max throughput)
python tools/syslog_generator.py --mode stress
See tools/README.md for all options (UDP/TCP/TLS, RFC 5424/3164, severity profiles, burst mode).
Default Ports
| Protocol | Port |
|---|---|
| UDP | 514 |
| TCP | 514 |
| TLS | 6514 |
Ports below 1024 may require elevated privileges depending on your OS.
Storage
Messages are persisted in a local SQLite database with configurable retention:
| Setting | Options | Default |
|---|---|---|
| Retention | 1, 7, 30, 90 days, unlimited | 7 days |
| Max messages | 10K, 100K, 1M, 10M, unlimited | 1M |
| Max DB size | 100 MB, 500 MB, 1 GB, 5 GB, unlimited | 500 MB |
Approximate storage: ~560 bytes per message (1M messages ~ 530 MB).
Encryption
At-rest encryption protects the log database when the application is closed.
| Details | |
|---|---|
| Algorithm | AES-256-GCM (authenticated encryption) |
| Key derivation | Argon2id (64 MB memory, 3 iterations, 4 threads) |
| What's encrypted | The SQLite database file (logs.db) |
| When | Encrypted on app exit, decrypted on app launch |
| Password storage | Never saved to disk — exists only in memory while the app runs |
| Brute-force protection | 5 attempts per session, then the app closes |
Warning: If you forget your password, the database is permanently inaccessible. There is no recovery mechanism.
Enable encryption in Settings > Storage > Encrypt database at rest.
Documentation
- User Guide — complete usage documentation
- TLS Setup Guide — TLS configuration, PKI assistant, mutual TLS
- Architecture — detailed technical architecture
- Test Generator — syslog message generator for testing
Contributing
See CONTRIBUTING.md for development setup, workflow, and code style guidelines.
License
