What is WatchLog?
WatchLog is designed to collect log events for storage, giving your team wide visibility from anywhere.
Why WatchLog?
While every device is capable of collecting log events, that information is no good in isolation.
WatchLog increases visibility of your assets, enabling your team to diagnose issues regardless of their location.
WatchLog is designed to be easy to integrate with Wazuh, Elastic, Zeek, or any log tool.
Features
Easy Integration
Integrate WatchLog into your existing infrastructure.
Real-Time Analysis
Get insights and analytics in real-time to make informed decisions.
Secure Storage
Securely store logs using a flexible server.
Architecture
graph LR
    A(ReadConfig) --> L1(path/to/syslog)
    A --> L2(path/to/auth.log)
    A --> L3(path/to/messages)
    A --> L4(path/to/secure)
    L1 --> W(WatchLog)
    L2 --> W
    L3 --> W
    L4 --> W
    W --> Col(Collector)
    Col --> W
    Col --> Enc(Encrypt)
    Enc --> Cmpr(Compress)
    Cmpr --> Tx(Transmit)
    Tx --> |purge| Col
    Tx --> S[(StorageController)]

graph LR
    S[(StorageController)] --> l1(logs/auth/)
    S --> l2(logs/syslog/)
    S --> l3(logs/messages/)
    S --> l4(logs/secure/)
    l1 --> h1(yyyy-mm-dd/hh-mm)
    l1 --> h2(yyyy-mm-dd/hh-mm)
    l2 --> h3(yyyy-mm-dd/hh-mm)
    l2 --> h4(yyyy-mm-dd/hh-mm)
    l3 --> h5(yyyy-mm-dd/hh-mm)
    l3 --> h6(yyyy-mm-dd/hh-mm)
    l4 --> h7(yyyy-mm-dd/hh-mm)
    l4 --> h8(yyyy-mm-dd/hh-mm)
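
The two diagrams above, worked through as an added example that is not WatchLog's own code: a batch is sealed in the diagram's Encrypt then Compress order and filed under logs/<source>/yyyy-mm-dd/hh-mm. AES-256-GCM, the UTC bucket time, the source allowlist, binding the bucket path as associated data, and every function name are assumptions.

```javascript
const nodeCrypto = require('node:crypto');
const zlib = require('node:zlib');

// Sources taken from the storage diagram; anything else is rejected so a
// source name can never steer a write outside logs/<source>/.
const SOURCES = new Set(['auth', 'syslog', 'messages', 'secure']);

// Map a source and collection time to logs/<source>/yyyy-mm-dd/hh-mm (UTC assumed).
function bucketPath(source, when) {
  if (!SOURCES.has(source)) throw new Error(`unknown source: ${source}`);
  const iso = when.toISOString(); // e.g. 2024-05-01T13:07:42.000Z
  return `logs/${source}/${iso.slice(0, 10)}/${iso.slice(11, 16).replace(':', '-')}`;
}

// Encrypt, then Compress, in the diagram's order. The bucket path is bound as
// associated data, so a blob filed under a different bucket fails to open.
function seal(key, batch, bucket) {
  const nonce = nodeCrypto.randomBytes(12); // fresh nonce per batch
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  c.setAAD(Buffer.from(bucket));
  const ct = Buffer.concat([c.update(batch), c.final()]);
  return zlib.gzipSync(Buffer.concat([nonce, ct, c.getAuthTag()]));
}

// Storage side: reverse the stages (decompress, then decrypt and authenticate).
function open(key, blob, bucket) {
  const raw = zlib.gunzipSync(blob);
  if (raw.length < 28) throw new Error('blob too short'); // 12-byte nonce + 16-byte tag
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  d.setAAD(Buffer.from(bucket));
  d.setAuthTag(raw.subarray(raw.length - 16));
  return Buffer.concat([d.update(raw.subarray(12, raw.length - 16)), d.final()]);
}

// Constructed sample batch and throwaway key, for demonstration only.
const key = nodeCrypto.randomBytes(32);
const bucket = bucketPath('auth', new Date(Date.UTC(2024, 4, 1, 13, 7, 42)));
const blob = seal(key, Buffer.from('constructed sample auth.log line\n'), bucket);
console.log(bucket, blob.length, open(key, blob, bucket).toString().trim());
```

AES-GCM output is effectively incompressible, so with Encrypt ahead of Compress the gzip stage contributes framing and a checksum, not a size reduction.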