AxoSyslog started as a syslog-ng [1] fork, branched right after syslog-ng v4.7.1 with the following focus:
- cloud native (containers, helm charts, kubernetes integration),
- security data tailored parsing and transformation (filterx, app-parser, app-transform, etc)
- performance (eBPF, memory allocator, etc),
AxoSyslog (created by the original creators of syslog-ng [1]):
- is a drop in replacement for syslog-ng [1],
- keeps using the same license and development practices.
This repository contains the AxoSyslog source tree, container images, and Helm charts created and maintained by Axoflow.
[1] syslog-ng is a trademark of One Identity.
To start using AxoSyslog, you can use one of these deployment mechanisms:
- pure containers (docker, podman)
- Helm charts (Kubernetes)
- packages (deb, rpm, etc)
Once the binaries are deployed, create a configuration file called
/etc/syslog-ng/syslog-ng.conf
, which will then be processed by
the syslog-ng
process.
A simple example is to ingest syslog traffic on tcp/514 and write it to a file:
@version: 4.9
@include "scl.conf"
log {
source {
system();
network();
};
destination { file("/var/log/syslog"); };
};
You can find more examples in the Quickstart section of the documentation.
You can find the list of tagged versions at https://github.com/axoflow/axosyslog/pkgs/container/axosyslog.
To install the latest stable version, run:
docker pull ghcr.io/axoflow/axosyslog:latest
You can also use it as a base image in your Dockerfile:
FROM ghcr.io/axoflow/axosyslog:latest
If you want to test a development version, you can use the nightly builds:
docker pull ghcr.io/axoflow/axosyslog:nightly
Note: These named packages are automatically updated when a new AxoSyslog package is released. To install a specific version, run
docker pull ghcr.io/axoflow/axosyslog:<version-number>
, for example:docker pull ghcr.io/axoflow/axosyslog:4.9.0
The container images contain a default configuration file which you probably want to customize. Read more about using these images directly via podman/docker
Our images are available for the following architectures:
- amd64
- arm/v7
- arm64
AxoSyslog provides Helm charts to deploy on Kubernetes.
Helm must be installed to use the charts. Please refer to Helm's documentation to get started.
Once Helm has been set up correctly, add the repo as follows:
helm repo add axosyslog https://axoflow.github.io/axosyslog
If you had already added this repo earlier, run helm repo update
to retrieve
the latest versions of the packages. You can then run helm search repo axosyslog
to see the charts.
To install the axosyslog chart:
helm install my-axosyslog axosyslog/axosyslog
To uninstall the chart:
helm delete my-axosyslog
Helm charts would use the latest images by default, but you can customize that via the values file. For details, see Install AxoSyslog with Helm.
You can install AxoSyslog on your Debian-based system from Axoflow's APT repository. AxoSyslog is a drop in replacement for the syslog-ng Debian package, all the binaries and configuration files are stored at the same place on your system.
The following x86-64 distros are supported:
Distro | sources.list component |
---|---|
Debian 12 | debian-bookworm |
Debian 11 | debian-bullseye |
Debian Unstable | debian-sid |
Debian Testing | debian-testing |
Ubuntu 24.10 | ubuntu-oracular |
Ubuntu 24.04 | ubuntu-noble |
Ubuntu 22.04 | ubuntu-jammy |
Ubuntu 20.04 | ubuntu-focal |
To add the APT repo (e.g. Ubuntu 24.04):
wget -qO - https://pkg.axoflow.io/axoflow-code-signing-pub.asc | gpg --dearmor > /usr/share/keyrings/axoflow-code-signing-pub.gpg
echo "deb [signed-by=/usr/share/keyrings/axoflow-code-signing-pub.gpg] https://pkg.axoflow.io/apt stable ubuntu-noble" | tee --append /etc/apt/sources.list.d/axoflow.list
apt update
Nightly builds are also available:
echo "deb [signed-by=/usr/share/keyrings/axoflow-code-signing-pub.gpg] https://pkg.axoflow.io/apt nightly ubuntu-noble" | tee --append /etc/apt/sources.list.d/axoflow.list
To install AxoSyslog:
apt install axosyslog
You can install AxoSyslog on your RPM-based system from Axoflow's RPM repository. AxoSyslog is a drop in replacement for the syslog-ng RPM package, all the binaries and configuration files are stored at the same place on your system.
The following x86-64 distros are supported:
Distro | axosyslog.repo component |
---|---|
Fedora 39 | fedora |
Fedora 40 | fedora |
Fedora 41 | fedora |
AlmaLinux 8 | almalinux |
AlmaLinux 9 | almalinux |
To add the RPM repo (e.g. Fedora 41):
yum install -y epel-release
tee /etc/yum.repos.d/axosyslog.repo <<< '[axosyslog]
name=AxoSyslog
baseurl=https://pkg.axoflow.io/rpm/stable/fedora-$releasever/$basearch
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://pkg.axoflow.io/axoflow-code-signing-pub.asc' > /dev/null
yum update -y
Nightly builds are also available:
tee /etc/yum.repos.d/axosyslog.repo <<< '[axosyslog]
name=AxoSyslog
baseurl=https://pkg.axoflow.io/rpm/nightly/fedora-$releasever/$basearch
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://pkg.axoflow.io/axoflow-code-signing-pub.asc' > /dev/null
To install AxoSyslog:
yum install -y axosyslog
As the example above showed, EPEL is necessary for AxoSyslog to work. Certain AxoSyslog modules need extra dependencies on some of the supported distros.
dnf install -y dnf-plugins-core
yum install -u yum-plugin-copr
yum config-manager --set-enabled powertools
dnf config-manager --set-enabled crb
You can find comprehensive documentation for AxoSyslog on the Axoflow website.
The original founder of syslog-ng forked off AxoSyslog from the original syslog-ng after the 4.7.1 release. AxoSyslog is a drop in replacement, retaining the original license, release schedule and processes.
In case you need help or want to contact us, open a GitHub issue, or come chat with us in the syslog-ng channel of the Axoflow Discord server.
If you have fixed a bug or would like to contribute your improvements to AxoSyslog, open a pull request. We truly appreciate your help.
The Axoflow founder team has a long history and hands-on experience about observability, log management, and how to apply these technologies in the enterprise security context. We also happen to be the original creators of wide-spread open source technologies in this area, like syslog-ng and the Logging operator for Kubernetes.
To learn more about our products and our open-source projects, visit the Axoflow blog, or subscribe to the Axoflow newsletter.