Logging to separate virtual displays depends on the content or type of a given syslog message and this can be achieved in several ways.
The first method relies on ensuring that devices such as firewalls, routers, and switches have all been configured to log to different facilities. Each facility relates directly to a corresponding virtual display. This is the recommended method of logging to different Virtual Displays for the Freeware version of Kiwi Syslog Daemon.
The second method requires filtering by individual hostname or host IP address, with each different IP address or hostname group logged to a different virtual display. This avoids any reliance on the first methog by having each device group configured to log to different facilities. Also, this method requires using the licensed version.
There are 10 virtual displays you can send syslog messages to. You can rename the displays to something more meaningful than Display(nn), by using the File | Setup | Display menu option, choose the display from the "Modify display names" dropdown, enter a new name into the field provided, then click Update.
This will enable you to define Virtual displays such as "Firewalls", "Routers", "Switches", etc., instead of the default names "Display01", "Display02", etc. We recommend that you leave the Display 00 (Default) virtual display as it is, and also leave the Default rule (which logs all events to Display00) in place.
Download the latest version of Kiwi Syslog Daemon.
If you still have questions after following the instructions provided, then please use the technical support form to receive further assistance.