Install syslog-ng with AxoSyslog
1 - Install AxoSyslog with Docker
AxoSyslog provides cloud-ready syslog-ng images. These images differ from the upstream syslog-ng images in the following ways:
- They’re based on Alpine Linux instead of Debian testing, for reliability and smaller size (and thus a smaller attack surface).
- They incorporate cloud-native features and settings, such as the Kubernetes source.
- They incorporate container-level optimizations for better performance and improved security. For example, they use an alternative malloc library.
- They support the ARM architecture.
The AxoSyslog images support the following architectures:
- amd64
- arm/v7
- arm64
Install the AxoSyslog images
You can find the list of tagged versions at https://github.com/axoflow/axosyslog-docker/pkgs/container/axosyslog.
To install the latest stable version, run:
docker pull ghcr.io/axoflow/axosyslog:latest
You can also use it as a base image in your Dockerfile:
FROM ghcr.io/axoflow/axosyslog:latest
If you want to test a development version, you can use the nightly builds:
docker pull ghcr.io/axoflow/axosyslog:nightly
Note: These named packages are automatically updated when a new package is released. To install a specific version, run:
docker pull ghcr.io/axoflow/axosyslog:<version-number>
For example:
docker pull ghcr.io/axoflow/axosyslog:4.2.0
Customize the configuration
The AxoSyslog container image stores the configuration file at /etc/syslog-ng/syslog-ng.conf. By default, AxoSyslog collects the local system logs and logs received from the network into the /var/log/messages and /var/log/messages-kv.log files using this configuration file from the syslog-ng repository.
To customize the configuration, create your own configuration file and override the file in the container image with it, for example:
docker run --rm --volume <path-to-your/syslog-ng.conf>:/etc/syslog-ng/syslog-ng.conf ghcr.io/axoflow/axosyslog:latest
Contribute
If you have fixed a bug or would like to contribute your improvements to these images, open a pull request. We truly appreciate your help.
2 - Install AxoSyslog with Podman
AxoSyslog provides cloud-ready syslog-ng images. These images differ from the upstream syslog-ng images in the following ways:
- They’re based on Alpine Linux instead of Debian testing, for reliability and smaller size (and thus a smaller attack surface).
- They incorporate cloud-native features and settings, such as the Kubernetes source.
- They incorporate container-level optimizations for better performance and improved security. For example, they use an alternative malloc library.
- They support the ARM architecture.
The AxoSyslog images support the following architectures:
- amd64
- arm/v7
- arm64
Install the AxoSyslog images
You can find the list of tagged versions at https://github.com/axoflow/axosyslog-docker/pkgs/container/axosyslog.
To install the latest stable version, run:
podman pull ghcr.io/axoflow/axosyslog:latest
You can also use it as a base image in your Dockerfile:
FROM ghcr.io/axoflow/axosyslog:latest
If you want to test a development version, you can use the nightly builds:
podman pull ghcr.io/axoflow/axosyslog:nightly
Note: These named packages are automatically updated when a new package is released. To install a specific version, run:
podman pull ghcr.io/axoflow/axosyslog:<version-number>
For example:
podman pull ghcr.io/axoflow/axosyslog:4.2.0
Customize the configuration
The AxoSyslog container image stores the configuration file at /etc/syslog-ng/syslog-ng.conf. By default, AxoSyslog collects the local system logs and logs received from the network into the /var/log/messages and /var/log/messages-kv.log files using this configuration file from the syslog-ng repository.
To customize the configuration, create your own configuration file and override the file in the container image with it, for example:
podman run --rm --volume <path-to-your/syslog-ng.conf>:/etc/syslog-ng/syslog-ng.conf ghcr.io/axoflow/axosyslog:latest
Contribute
If you have fixed a bug or would like to contribute your improvements to these images, open a pull request. We truly appreciate your help.
3 - Install AxoSyslog with Helm
AxoSyslog provides Helm charts for syslog-ng. You can use these charts to install cloud-ready syslog-ng images created and maintained by Axoflow.
Prerequisites
You must have Helm 3.0 or newer installed to use these charts. Refer to the official Helm documentation for details.
Limitations
The chart provides parameters that make it easy to:
- collect logs using the kubernetes() source, and
- forward the logs using the network() and opensearch() destinations.
To use other sources and destinations, use the config.raw parameter. For the list of configurable parameters and their default values, see Parameters of the AxoSyslog collector Helm chart.
Install
To install the axosyslog-collector charts, complete the following steps.
1. Clone the chart repository.
   helm repo add axosyslog https://axoflow.github.io/axosyslog-charts
   helm repo update
2. Install the chart. The following command installs axosyslog-collector into the default namespace. For the list of configurable parameters and their default values, see Parameters of the AxoSyslog collector Helm chart.
   helm install --generate-name axosyslog/axosyslog-collector
   The output should look like:
   NAME: axosyslog-collector-1683469360
   LAST DEPLOYED: Sun May 7 16:22:40 2023
   NAMESPACE: default
   STATUS: deployed
   REVISION: 1
   TEST SUITE: None
   NOTES:
   1. Watch the axosyslog-collector-1683469360 container start.
     $ kubectl get pods --namespace=default -l app=axosyslog-collector-1683469360 -w
3. Check that the pod is running.
   kubectl get pods
   The output should look like:
   NAME                                   READY   STATUS    RESTARTS   AGE
   axosyslog-collector-1683469360-tptfb   1/1     Running   0          28s
Uninstall
Tip: List all installed releases using helm list.
To uninstall a chart release, run:
helm delete <name-of-the-release-to-delete>
Contribute
If you have fixed a bug or would like to contribute your improvements to these charts, open a pull request. We truly appreciate your help.
3.1 - Parameters of the AxoSyslog collector Helm chart
The following table lists the configurable parameters of the AxoSyslog collector chart and their default values. For details on installing the chart, see Install AxoSyslog with Helm.
Parameters for syslog-ng configuration
Parameter | Description | Default |
---|---|---|
config.raw | A complete syslog-ng configuration. If this parameter is set, all other parameters in the config section are ignored. For details on how to create a configuration for syslog-ng, see the AxoSyslog Core documentation. | "" |
config.version | The version string specifies the syslog-ng version the configuration corresponds to. | "" |
config.sources.kubernetes.enabled | Collect pod logs using the kubernetes() source. If disabled, the chart doesn’t configure any source. For the list of available sources, see the AxoSyslog Core documentation. | true |
The following example uses the config.raw parameter to configure a custom destination:
config:
  raw: |
    @version: 4.3
    @include "scl.conf"
    log {
      source {
        syslog(port(12345));
      };
      destination {
        logscale(
          token("your-secret-humio-ingest-token")
        );
      };
      flags(flow-control);
    };
daemonset:
  hostNetworking: true
Network destination
Send logs over the network, conforming to RFC3164, using the network() destination.
Parameter | Description | Default |
---|---|---|
config.destination.network.address | The IP address of the destination host. | "" |
config.destination.network.transport | The transport protocol to use. Possible values: tcp, udp | "" |
config.destination.network.port | The port number to send the messages to. | "" |
config.destination.network.template | A template to format the messages. | "" |
For example:
config:
  destinations:
    network:
      - transport: tcp
        address: localhost
        port: 12345
        template: "$(format-json .*)"
OpenSearch destination
Send logs to OpenSearch over HTTP or HTTPS.
Parameter | Description | Default |
---|---|---|
config.destination.opensearch.address | The IP address of the OpenSearch server. | "" |
config.destination.opensearch.index | Name of the OpenSearch index that stores the messages. | "" |
config.destination.opensearch.user | The username to use for authentication on the OpenSearch server, if not authenticating with a certificate. | "" |
config.destination.opensearch.password | The password to use for authentication on the OpenSearch server. | "" |
config.destination.opensearch.tls.CAFile | The CA certificate in PEM format to use when verifying the certificate of the server. | "" |
config.destination.opensearch.tls.CADir | A directory containing a set of trusted CA certificates in PEM format. The name of the files must be the 32-bit hash of the subject’s name. AxoSyslog collector verifies the certificate of the server using these CA certificates. | "" |
config.destination.opensearch.tls.Cert | Name of a file containing an X.509 certificate or a certificate chain in PEM format. AxoSyslog collector authenticates with this certificate on the server, with the private key set in the config.destination.opensearch.tls.Key field. If the file contains a certificate chain, the file must begin with the certificate of the host, followed by the CA certificate that signed the certificate of the host, and any other signing CAs in order. | "" |
config.destination.opensearch.tls.Key | Name of a file containing an unencrypted private key in PEM format. AxoSyslog collector authenticates with this key and the certificate set in the config.destination.opensearch.tls.Cert field. | "" |
config.destination.opensearch.tls.peerVerify | If true, AxoSyslog collector verifies the certificate of the server with the CA certificates set in config.destination.opensearch.tls.CAFile and config.destination.opensearch.tls.CADir. | "" |
config.destination.opensearch.template | A template to format the messages. | "" |
For example:
config:
  destinations:
    opensearch:
      - address: 10.104.232.94
        index: "test-axoflow-index"
        tls:
          CAFile: "/path/to/CAFile.pem"
          CADir: "/path/to/CADir/"
          Cert: "/path/to/Cert.pem"
          Key: "/path/to/Key.pem"
          peerVerify: true
        template: "$(format-json .*)"
Generic parameters
Parameter | Description | Default |
---|---|---|
image.repository | The container image repository | ghcr.io/axoflow/axosyslog |
image.pullPolicy | The container image pull policy | IfNotPresent |
image.tag | The container image tag | 4.2.0 |
image.extraArgs | Custom arguments applied as the value of spec.container.args | [] |
imagePullSecrets | The names of secrets containing private registry credentials | [] |
nameOverride | Override the chart name | "" |
fullnameOverride | Override the full chart name | "" |
daemonset.enabled | Deploy AxoSyslog as a DaemonSet | true |
daemonset.labels | Additional labels to apply to the DaemonSet | {} |
daemonset.annotations | Additional annotations to apply to the DaemonSet | {} |
daemonset.affinity | Pod affinity | {} |
daemonset.nodeSelector | Node labels for pod assignment | {} |
daemonset.resources | Resource requests and limits | {} |
daemonset.tolerations | Tolerations for pod assignment | [] |
daemonset.hostAliases | Add host aliases | [] |
daemonset.secretMounts | Mount additional secrets as volumes | [] |
daemonset.extraVolumes | Additional volumes to mount | [] |
daemonset.securityContext | Security context for the pod | {} |
daemonset.maxUnavailable | The maximum number of unavailable pods during a rolling update | 1 |
daemonset.hostNetworking | Whether to enable host networking | false |
rbac.create | Whether to create RBAC resources | false |
rbac.extraRules | Additional RBAC rules | [] |
openShift.enabled | Whether to deploy on OpenShift | false |
openShift.securityContextConstraints.create | Whether to create SecurityContextConstraints on OpenShift | true |
openShift.securityContextConstraints.annotations | Annotations to apply to SecurityContextConstraints | {} |
serviceAccount.create | Whether to create a service account | true |
serviceAccount.annotations | Annotations to apply to the service account | {} |
namespace | The Kubernetes namespace to deploy to | "" |
podAnnotations | Additional annotations to apply to the pod | {} |
podSecurityContext | Security context for the pod | {} |
securityContext | Security context for the container | {} |
resources | Resource requests and limits for the container. If not set, the values of daemonset.resources are used. | {} |
nodeSelector | Node labels for pod assignment | {} |
tolerations | Tolerations for pod assignment | [] |
affinity | Pod affinity | {} |
updateStrategy | Update strategy for the DaemonSet | RollingUpdate |
priorityClassName | The name of the PriorityClass the pod belongs to | "" |
dnsConfig | The DNS configuration of the pod | {} |
hostAliases | Additional entries to the pod’s hosts file | [] |
secretMounts | Additional secrets to mount for the pod. If not set, the values of daemonset.secretMounts are used. | [] |
extraVolumes | Additional volumes to mount for the pod. If not set, the values of daemonset.extraVolumes are used. | [] |
terminationGracePeriodSeconds | How many seconds a pod with a failing probe has before shut down | 30 |
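The following is an added example, not part of the AxoSyslog documentation or chart: a pre-deployment audit that reads a release's values as JSON (for example from `helm get values <release> --all -o json`) and reports the settings from the tables above that deserve a security review. The function name `audit_values`, the finding texts, and the sample values are assumptions made for this example; the key layout follows the YAML examples on this page.

```python
import json
import re

# Constructed sample in the shape of `helm get values <release> --all -o json`,
# using parameter names from this page. Not real deployment data.
SAMPLE_VALUES = json.loads("""
{
  "image": {"repository": "ghcr.io/axoflow/axosyslog", "tag": "latest"},
  "daemonset": {"hostNetworking": true},
  "config": {"raw": "", "destinations": {
    "opensearch": [{"address": "10.104.232.94", "index": "test-axoflow-index",
                    "user": "ingest", "password": "example-password",
                    "tls": {"CAFile": "/path/to/CAFile.pem", "peerVerify": false}}],
    "network": [{"transport": "udp", "address": "localhost", "port": 12345}]}}
}
""")

# Literal secrets inside a raw syslog-ng configuration, such as token("...").
INLINE_SECRET = re.compile(r'\b(token|password)\s*\(\s*"[^"]+"\s*\)')


def audit_values(values):
    """Return sorted (parameter, finding) tuples for settings worth reviewing."""
    findings = []
    if str(values.get("image", {}).get("tag", "")) in ("latest", "nightly"):
        findings.append(("image.tag", "floating tag; pin a released version"))
    if values.get("daemonset", {}).get("hostNetworking") is True:
        findings.append(("daemonset.hostNetworking", "pod shares the node network namespace"))
    config = values.get("config") or {}
    if INLINE_SECRET.search(config.get("raw") or ""):
        findings.append(("config.raw", "secret literal stored in Helm values"))
    # The page spells this key "destinations" in examples, "destination" in tables.
    dests = config.get("destinations") or config.get("destination") or {}
    for i, dst in enumerate(dests.get("opensearch") or []):
        key = f"config.destinations.opensearch[{i}]"
        if (dst.get("tls") or {}).get("peerVerify") is not True:
            findings.append((key + ".tls.peerVerify", "peer verification is not enabled"))
        if dst.get("password"):
            findings.append((key + ".password", "credential stored in Helm values"))
    for i, dst in enumerate(dests.get("network") or []):
        if dst.get("transport") in ("tcp", "udp"):
            findings.append((f"config.destinations.network[{i}]", "plaintext transport"))
    return sorted(findings)


if __name__ == "__main__":
    for parameter, finding in audit_values(SAMPLE_VALUES):
        print(f"{parameter}: {finding}")
```

An empty result means none of these checks fired; it does not replace reviewing the rendered manifests.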