Skip to content

Wasabules/SyslogStudio

BranchesTags

Repository files navigation

SyslogStudio

SyslogStudio

A lightweight, cross-platform desktop application for receiving and analyzing syslog messages in real time. Built with Wails (Go + Svelte).

CI Release License Platform Go Svelte

Screenshots

Live Log Viewer

Real-time message reception with severity badges, sortable columns, and auto-scroll.

Live log viewer

Filtering & Regex Search

Filter by severity, hostname, app, source IP, date range, and regex patterns.

Filtering and regex search

Group By

Organize messages by severity, hostname, app, or source IP with expandable groups and color-coded headers.

Group by severity

History Mode

Browse stored logs from the SQLite database with pagination, even after restarting the app.

History mode with pagination

Alert System

Configure alert rules with pattern matching, severity thresholds, and cooldown. Receive system notifications when rules trigger.

Alert rules and history

Statistics Dashboard

Monitor message rates, severity distribution, top sources, and buffer usage at a glance.

Statistics dashboard

TLS / PKI Assistant

Generate CA and server certificates directly from the UI. No command-line tools required.

TLS PKI Assistant

Settings

Configure theme, language, storage retention, and database management.

Settings panel

Light Theme

Full light theme support with a single click.

Light theme

Features

  • Multi-protocol syslog server — UDP, TCP, and TLS (RFC 5424 & RFC 3164)
  • Real-time log viewer — virtualized list with auto-scroll, sortable columns, and group-by (severity, hostname, app, source IP)
  • Advanced filtering — severity, facility, hostname, app name, source IP, date range, and 3 search modes (see below)
  • Log persistence — SQLite database with configurable retention (by age, count, or size). Browse historical logs with pagination even after restart
  • Database encryption — AES-256-GCM at-rest encryption with Argon2id key derivation. Database is encrypted on exit and decrypted on launch with a user password. Brute-force protection (5 attempts then lockout). Progress reporting for large databases
  • Alert system — configurable rules (pattern, severity threshold, hostname/app filter, cooldown) with system notifications
  • TLS / PKI assistant — generate CA and server certificates from the UI, mutual TLS support, certificate export
  • Statistics dashboard — message rates, severity distribution, top sources, buffer usage
  • Log export — CSV and plain text formats
  • Settings panel — theme, language, storage retention policy, database management (compact, clear), encryption toggle, size estimations
  • Light & dark themes — persisted across sessions
  • 8 languages — English, French, German, Spanish, Portuguese, Italian, Japanese, Chinese
  • Full persistence — server config, alert rules, and logs saved across restarts
  • Cross-platform — Windows (portable + NSIS installer), macOS (universal .app + .dmg), Linux (portable + .deb)
  • Auto-update check — notifies when a new version is available on GitHub
  • Memory-efficient — in-memory ring buffer for live view, SQLite for history, bounded worker pool, async FTS indexing

Search Modes

The search bar supports 3 modes, toggled by clicking the mode button:

Mode Button Speed Syntax Example
Text Aa Instant Simple substring match connection refused
FTS FTS Instant SQLite FTS5 full-text search error OR fail OR timeout
Regex .* Slower Go regular expressions (error|fail)\s+.*timeout

FTS syntax reference:

  • error — single word
  • error fail — both words (AND)
  • error OR fail — either word
  • error NOT debug — exclude word
  • "connection refused" — exact phrase
  • err* — prefix wildcard
  • NEAR(error timeout, 5) — words within 5 tokens

Quick Start

Prerequisites

go install github.com/wailsapp/wails/v2/cmd/wails@latest

Development

# Install frontend dependencies
cd frontend && npm install && cd ..

# Run in development mode (hot reload)
wails dev

The app opens in a native window. A dev server is also available at http://localhost:34115 for browser-based development with access to Go methods.

Build

wails build

Produces build/bin/SyslogStudio.exe (Windows) or the corresponding binary for your platform.

To set the version for auto-update:

wails build -ldflags "-X main.AppVersion=v1.0.0"

Usage

  1. Configure protocols — enable UDP, TCP, and/or TLS with desired port numbers
  2. TLS setup (optional) — click "TLS Config" to generate a CA + server certificate, or load your own
  3. Start the server — click Start; active listeners appear as badges (e.g., UDP:514)
  4. View logs — messages appear in real time (Live mode); switch to History mode to browse stored logs with pagination
  5. Sort & group — click column headers to sort (asc/desc); use the group-by dropdown to organize by severity, hostname, app, or source IP
  6. Filter — use the filter bar to narrow by severity, hostname, source IP, date range, or regex
  7. Alerts — configure alert rules to get notified when specific patterns or severities are detected
  8. Settings — configure retention policy (days, max messages, max DB size), theme, language
  9. Encryption (optional) — enable at-rest encryption in Settings > Storage to protect stored logs with a password
  10. Export — export filtered logs as CSV or TXT

Testing with the Generator

A Python test generator is included (no dependencies, Python 3.7+):

# Send 10 messages/second with realistic content
python tools/syslog_generator.py --rate 10

# Simulate a full incident timeline
python tools/syslog_generator.py --mode scenario

# Test alert rules with specific severity/pattern messages
python tools/syslog_generator.py --mode alert-test

# Stress test (30 seconds, max throughput)
python tools/syslog_generator.py --mode stress

See tools/README.md for all options (UDP/TCP/TLS, RFC 5424/3164, severity profiles, burst mode).

Default Ports

Protocol Port
UDP 514
TCP 514
TLS 6514

Ports below 1024 may require elevated privileges depending on your OS.

Storage

Messages are persisted in a local SQLite database with configurable retention:

Setting Options Default
Retention 1, 7, 30, 90 days, unlimited 7 days
Max messages 10K, 100K, 1M, 10M, unlimited 1M
Max DB size 100 MB, 500 MB, 1 GB, 5 GB, unlimited 500 MB

Approximate storage: ~560 bytes per message (1M messages ~ 530 MB).

Encryption

At-rest encryption protects the log database when the application is closed.

Details
Algorithm AES-256-GCM (authenticated encryption)
Key derivation Argon2id (64 MB memory, 3 iterations, 4 threads)
What's encrypted The SQLite database file (logs.db)
When Encrypted on app exit, decrypted on app launch
Password storage Never saved to disk — exists only in memory while the app runs
Brute-force protection 5 attempts per session, then the app closes

Warning: If you forget your password, the database is permanently inaccessible. There is no recovery mechanism.

Enable encryption in Settings > Storage > Encrypt database at rest.

Documentation

Contributing

See CONTRIBUTING.md for development setup, workflow, and code style guidelines.

License

MIT

About

Lightweight cross-platform desktop syslog viewer and analyzer. UDP/TCP/TLS, real-time filtering, FTS5 search, alerts, PKI assistant, at-rest encryption. Built with Go + Svelte (Wails).

Topics

desktop-app tls golang encryption log-analysis cross-platform log-viewer syslog svelte network-monitoring syslog-server wails syslog-viewer

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases 3

v1.1.0 Latest
Apr 6, 2026
+ 2 releases

Packages

 
 
 

Contributors

Languages