A variety of sources are supported. Thanks to being based on syslog, SyslogAppliance can receive data from almost all network gear. Support for Windows event log is provided via the add-on components EventReporter or MonitorWare Agent (with additional Windows sources).
By default, SyslogAppliance listens for incoming syslog messages on port 514 via both UDP and TCP (Cisco PIX, for example, is fully supported).
An easy-to-use web interface lets you search the logs received. Searches can be stored and fully customized, so it is easy to re-run frequently used searches. Data received can be visualized graphically. While troubleshooting, you have a wealth of problem-solving tools right at hand. For example, you can look up IP range or domain name owners with a single click right from the web interface. This is a great aid when tracking down attackers.
The appliance supports multiple users, each with their own preferences, stored searches and environment.
Alerts, via email, SNMP or other notification methods, can be generated based on any message field, including regular expression matches inside the message text.
Currently, this requires changing a configuration file. In future releases, alerting capabilities will be configurable via an easy-to-use web interface.