Open the web UI and log in. Default account:
admin / admin123
Change the password in Profile after first login.
Go to Devices and add Syslog source devices. Recommended fields include name, IP address, device type, parse template and group.
Go to Parse Templates. Supported parse types include JSON, Syslog + JSON, delimiter, key-value delimiter, regex and key-value.
Go to Filter Policies and define matching rules. A policy can keep or discard logs, match multiple conditions, use AND/OR logic, enable deduplication and trigger alert rules.
Go to Notifications. Supported channels:
Use Test Send to verify connectivity before using a channel in production.
In Notifications → Output Templates, create reusable message formats.
Alert: {{alertName}}
Source: {{sourceIp}}
Severity: {{severity}}
Use the sidebar service control or Settings to start the Syslog receiver.
<logcat-server-ip>:5140
Go to Logs to search received logs by keyword, device and time range.
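To confirm the receiver, the parse template and the Logs search work end to end, you can send one recognizable test event and search for its keyword. The script below is an added example, not part of the product. It assumes the receiver accepts UDP on port 5140 and that the "Syslog + JSON" parse type means an RFC 3164 style header followed by a JSON body. The function names and sample fields are hypothetical.

```python
import json
import socket
from datetime import datetime

MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")
MAX_LEN = 1024  # RFC 3164 limits a syslog packet to 1024 bytes


def build_syslog_json(hostname, tag, fields, facility=16, severity=4, now=None):
    """Build an RFC 3164 style line whose message body is a JSON object."""
    if not 0 <= facility <= 23 or not 0 <= severity <= 7:
        raise ValueError("facility must be 0-23 and severity 0-7")
    if not hostname or not tag or any(c.isspace() for c in hostname + tag):
        raise ValueError("hostname and tag must be non-empty, without whitespace")
    now = now or datetime.now()
    pri = facility * 8 + severity  # PRI value as defined by RFC 3164
    # Timestamp is "Mmm dd hh:mm:ss" with a space-padded day of month.
    stamp = f"{MONTHS[now.month - 1]} {now.day:2d} {now:%H:%M:%S}"
    body = json.dumps(fields, separators=(",", ":"), sort_keys=True)
    line = f"<{pri}>{stamp} {hostname} {tag}: {body}"
    if len(line.encode("utf-8")) > MAX_LEN:
        raise ValueError("message exceeds 1024 bytes and may be truncated in transit")
    return line


def send_udp(line, host, port=5140, timeout=2.0):
    """Send one datagram and return the byte count; UDP confirms nothing."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        return sock.sendto(line.encode("utf-8"), (host, port))


if __name__ == "__main__":
    # Constructed sample event; the field names are illustrative only.
    sample = {"event": "receiver-selftest", "src": "192.0.2.10", "level": "warning"}
    msg = build_syslog_json("test-device", "selftest", sample)
    print(msg)
    # send_udp(msg, "<logcat-server-ip>")  # replace the placeholder, then uncomment
```

Because UDP gives no acknowledgement, a successful send proves nothing on its own: search Logs for `receiver-selftest` to confirm the event arrived and was parsed. The sending host must be registered under Devices if the server only accepts known sources.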
Go to Statistics for field distribution and Top-N analysis.