LogZilla

Syslog Settings

The Syslog Daemon settings page configures the built-in syslog-ng listeners: ports, buffering, debug logging, and PCI-compliant capture.

For device or application setup, see Receiving Data. For advanced pipeline customization using config.yaml and conf.d/, see Syslog pipeline customization.

Location in UI

Settings → System Settings → Syslog Daemon

Listener ports

The following fields appear in the Syslog Daemon settings pane. Enter a port number to enable the listener, or leave 0 to disable it.

Field (UI label)	Protocol
Syslog Bsd Tcp Port	BSD RFC3164 TCP
Syslog Bsd Udp Port	BSD RFC3164 UDP
Syslog Rfc5424 Port	RFC5424 TCP
Syslog Json Port	JSON over TCP
Syslog Raw Tcp Port	Raw TCP
Syslog Raw Udp Port	Raw UDP
Syslog Tls Port	TLS

Application Ports

LogZilla provides dedicated syslog ports for vendors whose log format requires separate handling. These are configured under Settings → System Settings → Application Ports. Enter a port number in the matching field to enable reception, or leave it set to 0 to disable it.

Setting	Covers
Syslog Arista Eos Port	Arista EOS switches
Syslog Checkpoint Port	Check Point firewalls
Syslog Datapower Port	IBM DataPower gateways
Syslog Dell N Series Port	Dell N-Series switches
Syslog Fireeye Port	FireEye appliances
Syslog Infoblox Port	Infoblox NIOS (DNS, DHCP, audit, ADP)
Syslog Meraki Port	Cisco Meraki devices
Syslog Paloalto Port	Palo Alto firewalls
Syslog Paloalto Sdwan Ion Port	Palo Alto Prisma SD-WAN ION appliances
Syslog Symantec Port	Symantec Endpoint Protection
Syslog Unifi Port	Ubiquiti UniFi devices
Syslog Vmware Port	VMware ESXi and vCenter

Notes:

TLS requires valid cert and key files. The paths are set in the Syslog Tls Cert File and Syslog Tls Key File fields on the same settings page.

Flow control and buffering

The following fields control queue behavior and buffer sizing:

Syslog Max Connections
Syslog Flow Control
Syslog Disk Buffer
Syslog Buffer Reliable
Syslog Memory Buffer Size Mb
Syslog Memory Buffer Length
Syslog Disk Buffer Size Mb

Destination batching

Syslog Destination Workers
Syslog Destination Batch Lines
Syslog Destination Batch Timeout

Debug logging

Syslog Debug - writes to /var/log/logzilla/syslog/debug.log
Syslog Debug Json - writes to /var/log/logzilla/syslog/debug-json.log

Important:

Disable debug toggles after troubleshooting to reduce load and disk usage.

PCI compliant logs

Pci Compliant Logs - writes to /var/log/logzilla/pci-compliant/

Extra log rules (advanced)

Syslog Extra Log Rules - injects directives into the main log {} section. Use carefully. For full customization, see Syslog pipeline customization.

Managing these settings from the command line

The same fields are available via the CLI. Use logzilla config list and logzilla config update rather than logzilla settings list / logzilla settings update. The CLI uses the underlying field names in UPPER_SNAKE_CASE:

UI field	CLI key
Syslog Bsd Udp Port	`SYSLOG_BSD_UDP_PORT`
Syslog Bsd Tcp Port	`SYSLOG_BSD_TCP_PORT`
Syslog Rfc5424 Port	`SYSLOG_RFC5424_PORT`
Syslog Json Port	`SYSLOG_JSON_PORT`
Syslog Raw Tcp Port	`SYSLOG_RAW_PORT`
Syslog Raw Udp Port	`SYSLOG_RAW_UDP_PORT`
Syslog Tls Port	`SYSLOG_TLS_PORT`
Syslog Tls Cert File	`SYSLOG_TLS_CERT_FILE`
Syslog Tls Key File	`SYSLOG_TLS_KEY_FILE`
Syslog Max Connections	`SYSLOG_MAX_CONNECTIONS`
Syslog Flow Control	`SYSLOG_FLOW_CONTROL`
Syslog Disk Buffer	`SYSLOG_DISK_BUFFER`
Syslog Buffer Reliable	`SYSLOG_BUFFER_RELIABLE`
Syslog Memory Buffer Size Mb	`SYSLOG_MEMORY_BUFFER_SIZE_MB`
Syslog Memory Buffer Length	`SYSLOG_MEMORY_BUFFER_LENGTH`
Syslog Disk Buffer Size Mb	`SYSLOG_DISK_BUFFER_SIZE_MB`
Syslog Destination Workers	`SYSLOG_DESTINATION_WORKERS`
Syslog Destination Batch Lines	`SYSLOG_DESTINATION_BATCH_LINES`
Syslog Destination Batch Timeout	`SYSLOG_DESTINATION_BATCH_TIMEOUT`
Syslog Debug	`SYSLOG_DEBUG`
Syslog Debug Json	`SYSLOG_DEBUG_JSON`
Pci Compliant Logs	`PCI_COMPLIANT_LOGS`
Syslog Extra Log Rules	`SYSLOG_EXTRA_LOG_RULES`