Skip to content

GUI Reference

The forwarder GUI is a single-window WinForms application with three rows of configuration controls, a log output area, and a status bar.

Layout Overview

+-------------------------------------------------------------------+
| Host: [localhost  ] Port: [514 ] Format: [RFC5424] Proto: [TCP]   |
|                                                    [Start] [Stop] |
| [x] Forward Logs  [ ] Use TLS  [x] Validate Cert  [x] Auto-scroll|
|                                           [ ] Send Existing Logs  |
| Poll Interval: [1000] Facility: [16] [ ] Flatten  Max Length: [0] |
+-------------------------------------------------------------------+
|                                                                   |
|  Log output area (read-only, Consolas 9pt)                        |
|                                                                   |
+-------------------------------------------------------------------+
| Ready                                                             |
+-------------------------------------------------------------------+

Row 0 -- Connection Settings

Host

Syslog server hostname or IP address.

  • Type: Text field
  • Default: localhost
  • Validation: Must not be empty. Cannot contain .., /, or \.

Port

Syslog server port number.

  • Type: Masked numeric field (5 digits)
  • Default: 514
  • Range: 1 -- 65535
  • Common values: 514 (plaintext syslog), 6514 (TLS syslog), 1514 (alternate)

Format

Syslog message format.

  • Type: Drop-down (read-only)
  • Options: RFC5424, RFC3164, KVP
  • Default: RFC5424

See Syslog Formats for detailed format descriptions.

Protocol

Network transport protocol.

  • Type: Drop-down (read-only)
  • Options: TCP, UDP
  • Default: TCP

Choosing UDP disables TLS options (TLS is TCP-only).

Start / Stop Buttons

  • Start validates inputs, saves settings, and begins the polling loop.
  • Stop cancels the background task and returns to idle.

Both buttons span two rows. All configuration controls are disabled while running.

Row 1 -- Feature Toggles

Forward Logs

When checked, records are sent over the network. When unchecked, records are read and logged locally but not forwarded. Useful for testing.

  • Default: Checked

Use TLS

Encrypt the TCP connection with TLS 1.2 or TLS 1.3. Only available when Protocol is TCP.

  • Default: Unchecked

Validate Cert

When TLS is enabled, validate the server certificate chain. Uncheck to accept self-signed or expired certificates.

  • Default: Checked

Auto-scroll

Automatically scroll the log output to the latest entry.

  • Default: Checked

Send Existing Logs

When checked, the first poll reads all existing log records from disk (ignoring the cache file). Subsequent polls only read new records. When unchecked, every poll only reads records newer than the last-read position.

  • Default: Unchecked
  • Use case: Initial bulk export of historical logs to a new syslog destination

Row 2 -- Advanced Settings

Poll Interval (ms)

How often the forwarder checks for new records, in milliseconds.

  • Type: Numeric spinner
  • Range: 500 -- 60,000 ms
  • Default: 1,000 ms (1 second)
  • Increment: 500 ms

Lower values detect new records faster but use more CPU. Higher values are gentler on system resources.

Facility (0-23)

Syslog facility code included in the message priority field.

  • Type: Numeric spinner
  • Range: 0 -- 23
  • Default: 16 (local0)
  • Increment: 1
Code Facility Code Facility
0 kernel 12 NTP
1 user 13 audit
2 mail 14 alert
3 daemon 15 cron2
4 auth 16 local0
5 syslog 17 local1
6 lpr 18 local2
7 news 19 local3
8 UUCP 20 local4
9 cron 21 local5
10 authpriv 22 local6
11 FTP 23 local7

Use local0 (16) through local7 (23) for custom applications.

Flatten Messages

Replace newlines in log messages with | separators. Useful for receivers that expect single-line syslog messages.

  • Default: Unchecked
  • Example: "Line 1\nLine 2\nLine 3" becomes "Line 1 | Line 2 | Line 3"

Max Length (0=off)

Truncate messages longer than this many characters. Set to 0 to disable truncation.

  • Type: Numeric spinner
  • Range: 0 -- 100,000
  • Default: 0 (no truncation)
  • Increment: 256

When a message exceeds the limit, it is truncated and ... is appended.

Status Bar

The bottom bar shows the current state:

State Display
Idle Ready
Running OK \| Total: 15 \| Success: 15 \| Fail: 0
Error ERROR \| Consecutive failures: 3 \| Total: 15 \| Fail: 3
Stopped STOPPED - 10 consecutive failures

Log Output

The main text area shows timestamped entries for each polling cycle:

Starting - forwarding to 10.0.0.50:514 via TCP (TLS) format: RFC5424 facility: 16
2024-01-15 10:30:01 - 42 records read
2024-01-15 10:30:02 - 0 records read
*** Network error: No connection could be made because the target machine actively refused it ***
Backing off for 2000ms (failure #1)

The log is read-only. Auto-scroll can be toggled while running.