Skip to content

A tiny and simple syslog server with log rotation in Go. Works with Docker and Kubernetes.

License

Notifications You must be signed in to change notification settings

alexferl/tinysyslog

Repository files navigation

tinysyslog Go Report Card codecov

A tiny and simple syslog server with log rotation. tinysyslog was born out of the need for a tiny, easy to set up and use syslog server that simply writes every incoming log (in RFC 5424 format only) to a file that is automatically rotated, to stdout or stderr (mostly for Docker) and or to Elasticsearch. tinysyslog is based on go-syslog and lumberjack.

Quickstart

git clone https://github.com/alexferl/tinysyslog.git
cd tinysyslog
make run

If tinysyslog started properly you should see:

2023-08-30T18:38:09-04:00 INF server.go:52 > tinysyslog starting
2023-08-30T18:38:09-04:00 INF server.go:63 > tinysyslog listening on 127.0.0.1:5140

You can take make sure logs are processed by the server by entering the following in a terminal:

nc -w0 -u 127.0.0.1 5140 <<< '<165>1 2016-01-01T12:01:21Z hostname appname 1234 ID47 [exampleSDID@32473 iut="9" eventSource="test" eventID="123"] message'

You should then see the following output in your terminal:

Jan  1 12:01:21 hostname appname[1234]: message

Docker Quickstart

Download the image:

docker pull admiralobvious/tinysyslog

Start the container:

docker run --rm --name tinysyslog -p 5140:5140/udp -d admiralobvious/tinysyslog

Send a log:

nc -w0 -u 127.0.0.1 5140 <<< '<165>1 2016-01-01T12:01:21Z hostname appname 1234 ID47 [exampleSDID@32473 iut="9" eventSource="test" eventID="123"] message'

Confirm the container received it:

docker logs tinysyslog
2023-08-30T22:46:06Z INF build/server.go:52 > tinysyslog starting
2023-08-30T22:46:06Z INF build/server.go:63 > tinysyslog listening on 0.0.0.0:5140
Jan  1 12:01:21 hostname appname[1234]: message

Kubernetes Quickstart

Apply the manifest to your cluster:

kubectl apply -f kubernetes/tinysyslog.yaml

Make sure the container is running:

kubectl get pods | grep tinysyslog
tinysyslog-6c85886f65-q9cxw          1/1       Running   0          1m

Confirm the pod started properly:

kubectl logs tinysyslog-6c85886f65-q9cxw
2023-08-30T22:46:06Z INF build/server.go:52 > tinysyslog starting
2023-08-30T22:46:06Z INF build/server.go:63 > tinysyslog listening on 0.0.0.0:5140

You can now send logs from your app(s) to tinysyslog:5140.

Configuration

Usage of ./tinysyslogd:
      --app-name string                           The name of the application. (default "tinysyslog")
      --bind-addr string                          IP and port to listen on. (default "127.0.0.1:5140")
      --env-name string                           The environment of the application. Used to load the right configs file. (default "PROD")
      --filter string                             Filter to filter logs with. Valid filters: [regex]
      --filter-regex string                       Regex to filter with.
      --log-level string                          The granularity of log outputs. Valid levels: [PANIC FATAL ERROR WARN INFO DISABLED TRACE DISABLED] (default "INFO")
      --log-output string                         The output to write to. Valid outputs: [stdout stderr] (default "stdout")
      --log-writer string                         The log writer. Valid writers: [console json] (default "console")
      --mutator string                            Mutator type to use. Valid mutators: [text json] (default "text")
      --sink-console-output string                Console to output to. Valid outputs: [stdout stderr] (default "stdout")
      --sink-elasticsearch-addresses strings      Elasticsearch server addresses.
      --sink-elasticsearch-api-key string         Elasticsearch api key.
      --sink-elasticsearch-cloud-id string        Elasticsearch cloud id.
      --sink-elasticsearch-index-name string      Elasticsearch index name. (default "tinysyslog")
      --sink-elasticsearch-password string        Elasticsearch password.
      --sink-elasticsearch-service-token string   Elasticsearch service token.
      --sink-elasticsearch-username string        Elasticsearch username.
      --sink-filesystem-filename string           File path to write incoming logs to. (default "syslog.log")
      --sink-filesystem-max-age int               Maximum age (in days) before a log is deleted. (default 30)
      --sink-filesystem-max-backups int           Maximum backups to keep. (default 10)
      --sink-filesystem-max-size int              Maximum log size (in megabytes) before it's rotated. (default 100)
      --sinks strings                             Sinks to save syslogs to. Valid sinks: [console elasticsearch filesystem] (default [console])
      --socket-type string                        Type of socket to use, TCP or UDP. If no type is specified, both are used.