User Guide

1. Login

Open the web UI and log in. Default account:

admin / admin123

Change the password in Profile after first login.

2. Configure devices

Go to Devices and add Syslog source devices. Recommended fields include name, IP address, device type, parse template and group.

3. Configure parse templates

Go to Parse Templates. Supported parse types include JSON, Syslog + JSON, delimiter, key-value delimiter, regex and key-value.
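As an added illustration (not code from the product), this is what a Syslog + JSON parse type has to do: split the syslog header from a JSON body and merge both into one record. The RFC 3164-style header layout, the field names and the sample lines are assumptions constructed for this example.

```python
import json
import re

# Assumed RFC 3164-style header: <PRI>TIMESTAMP HOST TAG[PID]: followed by the body.
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<host>\S+)\s"
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?:\s?"
    r"(?P<body>.*)$",
    re.DOTALL,
)

def parse_syslog_json(line: str) -> dict:
    """Split a syslog line into header fields plus the keys of its JSON body."""
    m = HEADER.match(line.strip())
    if m is None:
        return {"parse_error": "no syslog header", "raw": line}
    pri = int(m["pri"])
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        return {"parse_error": "PRI out of range", "raw": line}
    record = {
        "facility": pri >> 3,
        "severity": pri & 7,
        "timestamp": m["timestamp"],
        "host": m["host"],
        "tag": m["tag"],
    }
    try:
        body = json.loads(m["body"])
    except json.JSONDecodeError:
        body = None
    if not isinstance(body, dict):
        # Keep the line searchable instead of dropping it when the body is not a JSON object.
        record["message"] = m["body"]
        record["parse_error"] = "body is not a JSON object"
        return record
    for key, value in body.items():
        # Header fields win, so a device cannot overwrite host or severity via its JSON body.
        record.setdefault(key, value)
    return record

# Constructed sample lines, not captured from a real device.
SAMPLE_OK = '<134>Oct 11 22:14:15 fw01 filterlog: {"action": "block", "src": "192.0.2.10", "host": "spoofed"}'
SAMPLE_PLAIN = "<13>Oct  1 08:00:00 sw02 kernel: link down on port 3"

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_PLAIN):
        print(parse_syslog_json(sample))
```

A line whose body is plain text still yields the header fields and a parse_error marker, which is the case to check for when a device is assigned a template that does not match its output.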

4. Configure filter policies

Go to Filter Policies and define matching rules. A policy can keep or discard logs, match multiple conditions, use AND/OR logic, enable deduplication and trigger alert rules.

5. Configure notification channels

Go to Notifications. Supported channels:

Use Test Send to verify connectivity before using a channel in production.

6. Create output templates

In Notifications → Output Templates, create reusable message formats.

Alert: {{alertName}}
Source: {{sourceIp}}
Severity: {{severity}}

7. Start Syslog service

Use the sidebar service control or Settings to start the Syslog receiver.

<logcat-server-ip>:5140

8. Search logs

Go to Logs to search received logs by keyword, device and time range.

9. Analyze statistics

Go to Statistics for field distribution and Top-N analysis.

10. Production checklist