As part of the upcoming Syslog Watcher 5.0 release, we have created a simple utility for testing the syslog protocol. The beta version of our new server will be available soon, but the testing application is available now:

Syslog Generator can send single syslog messages, as well as generate a large number of syslog packets to test a syslog server's performance. The utility does not require installation, and it is quite easy to use, especially if your server uses the standard UDP/514 configuration.

Please do not use it to test a production server, as a huge number of incoming syslogs can lead to a temporary denial of service. Use a test platform for experiments instead.

Syslog Generator is an excellent tool for evaluating the real performance of your hardware. We often get questions about the hardware requirements for Syslog Watcher to handle a particular flow of syslogs. There are no simple answers because server performance depends on many conditions and settings. It is hard to say how many syslog messages per second Syslog Watcher can handle based on just CPU frequency and RAM amount.

Another use of Syslog Generator is to compare the performance of Syslog Watcher with other syslog solutions. To illustrate this case, we conducted a small experiment. As a test platform, we chose an EC2 virtual machine (Amazon AWS), so anyone can easily repeat the experiment.

Microsoft Windows 2012 R2 Standard, 64-bit, c3.xlarge (14 ECUs, 4 vCPUs, 7.5 GiB RAM, 2 x 40 GiB SSD Storage)

We installed Syslog Watcher 4.8.3 and another syslog server on the same EC2 instance. All program settings were left at their defaults, except one: the folder for collected data was moved to one of the attached 40 GiB SSD drives.

How about one million syslogs per minute?

Syslog Watcher easily handles a million per minute with no loss or delays, and that is not the limit.

The other syslog server was able to collect only ~50% of syslog messages.

This quick comparison is not intended to be serious research; however, it confirms the outstanding performance of Syslog Watcher.
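One way to measure a collection rate like the ones reported above, as an added example that is not part of Syslog Generator or Syslog Watcher: each message carries a sequence number, and the loss report is computed from the numbers that arrive. The port 5514, the host and tag names, the `seq=` field and the in-process collector on 127.0.0.1 are assumptions made for this sketch.

```python
import re, socket, threading, time

PRI = 16 * 8 + 6  # RFC 3164 priority: facility local0 (16) * 8 + severity info (6)
SEQ = re.compile(rb"seq=(\d+)$")

def make_message(seq, host="loadtest", tag="gen"):
    """Build one RFC 3164-style line; host, tag and seq= are constructed values."""
    ts = time.strftime("%b %d %H:%M:%S")
    return f"<{PRI}>{ts} {host} {tag}: seq={seq}".encode()

def loss_report(sent, datagrams):
    """Compare the sequence numbers sent with those that arrived.
    Duplicates, unparsable datagrams and out-of-range numbers are ignored."""
    expected = set(range(sent))
    seen = set()
    for d in datagrams:
        m = SEQ.search(d)
        if m:
            seen.add(int(m.group(1)))
    seen &= expected
    missing = sorted(expected - seen)
    pct = round(100.0 * len(missing) / sent, 2) if sent else 0.0
    return {"sent": sent, "received": len(seen), "lost": len(missing),
            "loss_pct": pct, "first_missing": missing[:5]}

def run_loopback(count=1000, port=5514):
    """Send `count` messages to a collector thread on 127.0.0.1 and report loss."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", port))
    rx.settimeout(0.5)  # collector stops after 0.5 s of silence
    got = []
    def collect():
        try:
            while True:
                got.append(rx.recvfrom(2048)[0])
        except socket.timeout:
            pass
    t = threading.Thread(target=collect)
    t.start()
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    start = time.perf_counter()
    for seq in range(count):
        tx.sendto(make_message(seq), ("127.0.0.1", port))
    elapsed = time.perf_counter() - start
    t.join(); tx.close(); rx.close()
    report = loss_report(count, got)
    report["send_rate_per_s"] = round(count / elapsed)
    return report

if __name__ == "__main__":
    print(run_loopback())
```

To evaluate a real collector on a test platform, feed `loss_report` the lines that collector stored instead of the in-process list.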