aaLog Syslog Forwarder
The aaLog Syslog Forwarder reads binary .aaLog files produced by ArchestrA / Wonderware System Platform and forwards them to any syslog-compatible receiver over the network.
Features
- Real-time forwarding -- polls for new log records and sends them immediately
- Multiple syslog formats -- RFC 5424 (IETF), RFC 3164 (BSD), and Key-Value Pair output
- TCP and UDP transport with optional TLS 1.2/1.3 encryption
- RFC 6587 octet-counting framing for reliable TCP delivery
- Send existing logs -- bulk-export all historical records on first run, then stream new ones
- Command-line interface -- every setting is configurable via CLI flags for scripted or headless operation
- Automatic retry with exponential backoff on network failures
- Persistent settings -- saved to JSON between sessions
- Message sanitization -- flatten multi-line messages and truncate to configurable length
How It Works
.aaLog binary files        aaLogForwarder         Syslog receiver
+-----------------+      +----------------+      +---------------+
| ArchestrA logs  | ---> | Poll & Format  | ---> | Gravwell      |
| on disk         |      | (RFC5424/3164/ |      | Splunk        |
|                 |      | KVP)           |      | Graylog       |
+-----------------+      +----------------+      | rsyslog / etc |
                                 |               +---------------+
                         Cache file tracks
                         last-read position
The forwarder uses the aaLogReader library to read binary log files. A cache file in the log directory tracks the last-read message number so each poll only retrieves new records. Records are formatted as syslog messages and sent over the network.
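The format-and-send step described above, combining the sanitization, RFC 5424 and RFC 6587 octet-counting features, sketched in Python as an added example. It is not aaLogForwarder's own code; the host name, app name, facility, length limits and the sample record are assumptions.

```python
from datetime import datetime, timezone

def sanitize(msg: str, max_len: int = 1024) -> str:
    """Flatten a multi-line message to a single line, then truncate."""
    return " ".join(msg.split())[:max_len]  # split() also drops CR, LF, tabs

def rfc5424(msg: str, host: str, app: str, when: datetime,
            facility: int = 16, severity: int = 6) -> str:
    """<PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG"""
    pri = facility * 8 + severity            # local0.info -> 134
    ts = when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    return f"<{pri}>1 {ts} {host} {app} - - - {msg}"

def frame(line: str) -> bytes:
    """RFC 6587 octet counting: MSG-LEN SP SYSLOG-MSG (length in bytes)."""
    body = line.encode("utf-8")
    return str(len(body)).encode("ascii") + b" " + body

def deframe(stream: bytes, max_frame: int = 65536) -> list[str]:
    """Receiver side: split a TCP byte stream back into whole messages."""
    out, pos = [], 0
    while pos < len(stream):
        sp = stream.index(b" ", pos)         # ValueError if no length prefix
        digits = stream[pos:sp]
        if not digits.isdigit() or digits.startswith(b"0"):
            raise ValueError("bad MSG-LEN")
        end = sp + 1 + int(digits)
        if int(digits) > max_frame or end > len(stream):
            raise ValueError("oversized or truncated frame")
        out.append(stream[sp + 1:end].decode("utf-8"))
        pos = end
    return out

# Constructed sample record: multi-line, with a non-ASCII character.
RAW = "Script error in Pump01\r\n   at line 12\r\n   value = 72\u00b0F"
WHEN = datetime(2024, 1, 2, 3, 4, 5, 678000, tzinfo=timezone.utc)

def demo():
    line = rfc5424(sanitize(RAW), "hmi01", "aaLog", WHEN)
    stream = frame(line) + frame(line)       # two records back to back
    return line, stream, deframe(stream)

if __name__ == "__main__":
    line, stream, records = demo()
    print(line)
    print(stream[:4], len(records))
```

The length prefix counts UTF-8 bytes, not characters, so a receiver that splits on newlines would see the unsanitized sample as three records while an octet-counting receiver recovers exactly what was sent.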
Quick Example
Send all existing logs to a syslog server over TLS, then continue streaming new logs:
Or launch the GUI with no arguments:
Next Steps
- Installation -- build requirements and setup
- Quick Start -- get forwarding in under 5 minutes
- GUI Reference -- every control explained
- CLI Reference -- full command-line option list