Understand the Components#

WinSyslog is easiest to understand if you separate its main components by role.

The four components#

WinSyslog Service This is the main runtime component. It runs in the background as a Windows service, receives log data through configured input services, processes it through rulesets and actions, and stores or forwards the results.
WinSyslog Configuration Client This is the administrative user interface. You use it to configure input services, rulesets, filters, and actions. Changes are made in the Configuration Client and then applied to the WinSyslog service. It is also where you send a test syslog message from the Tools menu.
Interactive Syslog Viewer This is the live-view component for interactive monitoring. It does not show data automatically by itself. WinSyslog must forward messages to it via a rule.
Adiscon LogAnalyzer This is an optional analysis component for working with stored logs, especially in files or databases. It is for browsing and reviewing retained data, not for live message intake.

The WinSyslog service runs the configured input services, rulesets, and actions that do the actual receiving, processing, storing, and forwarding.
The configuration client defines what those input services, rulesets, and actions should do and is where configuration changes are applied before the runtime service uses them.
The Interactive Syslog Viewer can display incoming messages live if the WinSyslog service forwards them there.
LogAnalyzer works on stored log data after the WinSyslog service has written it to a file or database.

For the current split between remote administration and browser-based review, see How Do Remote Administration and Browser-Based Log Review Fit Together?.