AxoSyslog started as a syslog-ng [1] fork, branched right after syslog-ng v4.7.1 with the following focus:
- cloud native (containers, helm charts, kubernetes integration),
- security data tailored parsing and transformation (filterx, app-parser, app-transform, etc)
- performance (eBPF, memory allocator, etc),
AxoSyslog (created by the original creators of syslog-ng [1]):
- is a drop in replacement for syslog-ng [1],
- keeps using the same license and development practices.
This repository contains the AxoSyslog source tree, container images, and Helm charts created and maintained by Axoflow.
[1] syslog-ng is a trademark of One Identity.
To start using AxoSyslog, you can use one of these deployment mechanisms:
- pure containers (docker, podman)
- Helm charts (Kubernetes)
- packages (deb, rpm, etc)
Once the binaries are deployed, create a configuration file called
/etc/syslog-ng/syslog-ng.conf
, which will then be processed by
the syslog-ng
process.
A simple example is to ingest syslog traffic on tcp/514 and write it to a file:
@version: 4.7
@include "scl.conf"
log {
source {
system();
network();
};
destination { file("/var/log/syslog"); };
};
You can find more examples in the Quickstart section of the documentation.
You can find the list of tagged versions at https://github.com/axoflow/axosyslog/pkgs/container/axosyslog.
To install the latest stable version, run:
docker pull ghcr.io/axoflow/axosyslog:latest
You can also use it as a base image in your Dockerfile:
FROM ghcr.io/axoflow/axosyslog:latest
If you want to test a development version, you can use the nightly builds:
docker pull ghcr.io/axoflow/axosyslog:nightly
Note: These named packages are automatically updated when a new syslog-ng package is released. To install a specific version, run
docker pull ghcr.io/axoflow/axosyslog:<version-number>
, for example:docker pull ghcr.io/axoflow/axosyslog:4.7.1
The container images contain a default configuration file which you probably want to customize. Read more about using these images directly via podman/docker
Our images are available for the following architectures:
- amd64
- arm/v7
- arm64
AxoSyslog provides Helm charts to deploy on Kubernetes.
Helm must be installed to use the charts. Please refer to Helm's documentation to get started.
Once Helm has been set up correctly, add the repo as follows:
helm repo add axosyslog https://axoflow.github.io/axosyslog
If you had already added this repo earlier, run helm repo update
to retrieve
the latest versions of the packages. You can then run helm search repo axosyslog
to see the charts.
To install the axosyslog chart:
helm install my-axosyslog axosyslog/axosyslog
To uninstall the chart:
helm delete my-axosyslog
Helm charts would use the latest images by default, but you can customize that via the values file. For details, see Install AxoSyslog with Helm.
You can find comprehensive documentation for AxoSyslog on the Axoflow website.
The original founder of syslog-ng forked off AxoSyslog from the original syslog-ng after the 4.7.1 release. AxoSyslog is a drop in replacement, retaining the original license, release schedule and processes.
In case you need help or want to contact us, open a GitHub issue, or come chat with us in the syslog-ng channel of the Axoflow Discord server.
If you have fixed a bug or would like to contribute your improvements to AxoSyslog, open a pull request. We truly appreciate your help.
The Axoflow founder team has a long history and hands-on experience about observability, log management, and how to apply these technologies in the enterprise security context. We also happen to be the original creators of wide-spread open source technologies in this area, like syslog-ng and the Logging operator for Kubernetes.
To learn more about our products and our open-source projects, visit the Axoflow blog, or subscribe to the Axoflow newsletter.