Quick Start

Get syslog forwarding running in under 5 minutes.

1. Launch the Forwarder

Double-click aaLogGUITester.exe or run it from a terminal. The GUI opens with default settings.

2. Configure the Destination

Setting    What to enter
Host       Your syslog server hostname or IP (e.g., 10.0.0.50)
Port       Syslog port (default: 514 for plaintext, 6514 for TLS)
Protocol   TCP for reliable delivery, UDP for fire-and-forget
Format     RFC5424 is recommended for modern receivers

3. (Optional) Enable TLS

If your syslog server supports TLS:

  1. Set Protocol to TCP
  2. Check Use TLS
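  3. If using a self-signed certificate, uncheck Validate Cert (the forwarder then no longer verifies the server's certificate, so it cannot confirm it is talking to the intended server)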

4. Start Forwarding

Click Start. The log window will show records being read and forwarded:

Starting - forwarding to 10.0.0.50:514 via TCP (plaintext) format: RFC5424 facility: 16
2024-01-15 10:30:01 - 42 records read
2024-01-15 10:30:02 - 0 records read
2024-01-15 10:30:03 - 3 records read

5. Send Historical Logs

To forward all existing logs (not just new ones):

  1. Check Send Existing Logs before clicking Start
  2. The first poll will read all records from disk
  3. Subsequent polls will only send new records
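
To confirm on the receiving side that forwarded records arrive as RFC5424 with the facility shown in the Start log (16), the following added example splits a received TCP byte stream into messages and decodes each header. It is not part of the forwarder or its documentation. The sample message, MAX_LEN and the function names are constructed for illustration, and both RFC 6587 framings are accepted because this page does not state which one the forwarder uses.

```python
import re

MAX_LEN = 64 * 1024  # assumed cap so a bogus length prefix cannot exhaust memory
# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID [SD and MSG]
HEADER = re.compile(r"<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) ?(.*)", re.S)

def split_frames(buf: bytes):
    """Split received TCP bytes into messages; returns (messages, leftover).

    Accepts both RFC 6587 framings: octet-counted ("LEN SP MSG") and
    newline-terminated. Leftover bytes are an incomplete trailing frame.
    """
    msgs = []
    while buf:
        if buf[:1].isdigit():                      # octet-counted frame
            head, sep, rest = buf.partition(b" ")
            if not sep:
                break                              # length prefix incomplete
            if not head.isdigit() or int(head) > MAX_LEN:
                raise ValueError("bad frame length")
            if len(rest) < int(head):
                break                              # body incomplete
            msgs.append(rest[:int(head)])
            buf = rest[int(head):]
        else:                                      # newline-terminated frame
            line, sep, rest = buf.partition(b"\n")
            if not sep:
                break                              # line incomplete
            if line.strip():
                msgs.append(line.rstrip(b"\r"))
            buf = rest
    return msgs, buf

def parse_rfc5424(msg: bytes) -> dict:
    """Decode the RFC 5424 header; PRI = facility * 8 + severity."""
    m = HEADER.match(msg.decode("utf-8", "replace"))
    if not m or int(m.group(1)) > 191:
        raise ValueError("not an RFC 5424 message")
    pri = int(m.group(1))
    return {"facility": pri >> 3, "severity": pri & 7, "version": int(m.group(2)),
            "timestamp": m.group(3), "hostname": m.group(4), "app": m.group(5),
            "procid": m.group(6), "msgid": m.group(7), "rest": m.group(8)}

if __name__ == "__main__":
    # Constructed sample: PRI 134 = facility 16 (local0), severity 6 (info)
    sample = b"<134>1 2024-01-15T10:30:01Z HOST01 app 1234 - - record text\n"
    for frame in split_frames(sample)[0]:
        print(parse_rfc5424(frame))
```

A record whose decoded facility is not 16, or that fails to parse at all, points to a mismatch between the Format setting and what the receiver expects.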

Command-Line Quick Start

Forward all logs to a TLS-enabled syslog server in one command:

aaLogGUITester.exe --host syslog.example.com --port 6514 --tls --send-all --start

The --start flag begins forwarding immediately. All other flags configure the connection.

What Happens Next

  • The forwarder polls for new records every 1 second (configurable)
  • A cache file in the log directory tracks the last-read position
  • On network failure, it retries with exponential backoff (up to 30 seconds)
  • After 10 consecutive failures, it stops automatically
  • Settings are saved to %LOCALAPPDATA%\aaLogForwarder\settings.json