syslogd/README.md

# Syslog Server

All received messages are written to *stdout* and/or forwarded to a remote logging destination.

The syslog server is able to listen on both UDP and TCP and parses syslog messages in either RFC5424 or RFC3164 (BSD) format.

This software is free to use and is licensed under the [Apache 2.0 License](https://bitbucket.org/mnellemann/syslogd/src/master/LICENSE).

![architecture](https://bitbucket.org/mnellemann/syslogd/downloads/syslogd.svg)

The default syslog port (514) requires you to run syslogd as root / administrator.
If you do not wish to do so, you can choose any port number (with the *-p* or *--port* flag) above 1024.

Supported remote logging destinations are:
- Syslog (RFC5424 over UDP)
- Graylog (GELF over UDP)
- and Grafana Loki (HTTP over TCP).

## Usage Instructions

- Install the syslogd package (*.deb* or *.rpm*) from [downloads](https://bitbucket.org/mnellemann/syslogd/downloads/) or build from source.
- Run *bin/syslogd*, use the *-h* option for help :)

```text
Usage: syslogd [-dhV] [--[no-]ansi] [--[no-]stdout] [--[no-]tcp] [--[no-]udp]
               [--rfc5424] [-g=<uri>] [-l=<url>] [-p=<num>] [-s=<uri>]
  -d, --debug          Enable debugging [default: 'false'].
  -g, --gelf=<uri>     Forward to Graylog <udp://host:port>.
  -h, --help           Show this help message and exit.
  -l, --loki=<url>     Forward to Grafana Loki <http://host:port>.
      --[no-]ansi      Output ANSI colors [default: true].
      --[no-]stdout    Output messages to stdout [default: true].
      --[no-]tcp       Listen on TCP [default: true].
      --[no-]udp       Listen on UDP [default: true].
  -p, --port=<num>     Listening port [default: 514].
      --rfc5424        Parse RFC-5424 messages [default: RFC-3164].
  -s, --syslog=<uri>   Forward to Syslog <udp://host:port> (RFC-5424).
  -V, --version        Print version information and exit.
```

### Examples

Listening on a non-standard syslog port:

```
java -jar /path/to/syslogd-x.y.z-all.jar --port 1514
```

or, if installed as a *deb* or *rpm* package:

```
/opt/syslogd/bin/syslogd --port 1514
```

Listening on the standard syslog port (requires root privileges) and forwarding messages on to another log-system on a non-standard port.

```
java -jar /path/to/syslogd-x.y.z-all.jar --syslog udp://remotehost:514
```

Forwarding to a Graylog server in GELF format.

```
java -jar /path/to/syslogd-x.y.z-all.jar --gelf udp://remotehost:12201
```

Forwarding to a Grafana Loki server.

```
java -jar /path/to/syslogd-x.y.z-all.jar --loki http://remotehost:3100
```

If you don't want any output locally (only forwarding), you can use the ```--no-stdout``` flag.


## Notes

### IBM AIX and VIO Servers

Syslog messages from AIX (and IBM Power Virtual I/O Servers) can be troublesome with some logging solutions. These can be received with
*syslogd* and then forwarded on to your preferred logging solution.

### Forwarding to Grafana Loki

Forwarding is currently done by making HTTP connections to the Loki API, which works fine for low volume messages, but might cause issues for large volume of messages.

## Development Notes

### Test Grafana Loki

Run Loki and Grafana in local containers to test.

```shell
docker run --rm -d --name=loki -p 3100:3100 grafana/loki
docker run --rm -d --name=grafana --link loki:loki -p 3000:3000 grafana/grafana:7.1.3
```
Add option to forward in GELF JSON format. 2021-02-03 11:00:45 +00:00			`# Syslog Server`
Add APACHE-2.0 license. 2020-09-22 18:45:16 +00:00
Update 3rd party dependencies. 2021-12-03 10:29:55 +00:00			`All received messages are written to stdout and/or forwarded to a remote logging destination.`
Add APACHE-2.0 license. 2020-09-22 18:45:16 +00:00
Add option to forward in GELF JSON format. 2021-02-03 11:00:45 +00:00			`The syslog server is able to listen on both UDP and TCP and parses syslog messages in either RFC5424 or RFC3164 (BSD) format.`
Update instructions and provide systemd service example. 2021-01-26 15:08:37 +00:00
Update reference to the Apache 2.0 LICENSE. 2021-03-25 20:21:46 +00:00			`This software is free to use and is licensed under the [Apache 2.0 License](https://bitbucket.org/mnellemann/syslogd/src/master/LICENSE).`

README.md edited online with Bitbucket 2021-03-17 10:16:57 +00:00			`![architecture](https://bitbucket.org/mnellemann/syslogd/downloads/syslogd.svg)`

Update instructions and provide systemd service example. 2021-01-26 15:08:37 +00:00			`The default syslog port (514) requires you to run syslogd as root / administrator.`
Update 3rd party dependencies. 2021-12-03 10:29:55 +00:00			`If you do not wish to do so, you can choose any port number (with the -p or --port flag) above 1024.`
Add APACHE-2.0 license. 2020-09-22 18:45:16 +00:00
Update 3rd party dependencies. 2021-12-03 10:29:55 +00:00			`Supported remote logging destinations are:`
			`- Syslog (RFC5424 over UDP)`
			`- Graylog (GELF over UDP)`
			`- and Grafana Loki (HTTP over TCP).`
Refactor argument parsing and improve LokiClient send. 2021-03-17 09:45:13 +00:00
Add APACHE-2.0 license. 2020-09-22 18:45:16 +00:00			`## Usage Instructions`

Typos 2020-12-06 12:11:58 +00:00			`- Install the syslogd package (.deb or .rpm) from [downloads](https://bitbucket.org/mnellemann/syslogd/downloads/) or build from source.`
Add APACHE-2.0 license. 2020-09-22 18:45:16 +00:00			`- Run bin/syslogd, use the -h option for help :)`

Refactor argument parsing and improve LokiClient send. 2021-03-17 09:45:13 +00:00			```text
			`Usage: syslogd [-dhV] [--[no-]ansi] [--[no-]stdout] [--[no-]tcp] [--[no-]udp]`
			`[--rfc5424] [-g=<uri>] [-l=<url>] [-p=<num>] [-s=<uri>]`
			`-d, --debug Enable debugging [default: 'false'].`
			`-g, --gelf=<uri> Forward to Graylog <udp://host:port>.`
			`-h, --help Show this help message and exit.`
			`-l, --loki=<url> Forward to Grafana Loki <http://host:port>.`
			`--[no-]ansi Output ANSI colors [default: true].`
			`--[no-]stdout Output messages to stdout [default: true].`
			`--[no-]tcp Listen on TCP [default: true].`
			`--[no-]udp Listen on UDP [default: true].`
			`-p, --port=<num> Listening port [default: 514].`
			`--rfc5424 Parse RFC-5424 messages [default: RFC-3164].`
			`-s, --syslog=<uri> Forward to Syslog <udp://host:port> (RFC-5424).`
			`-V, --version Print version information and exit.`
			```
Update README to reflect new changes. 2021-01-29 10:18:08 +00:00
			`### Examples`

			`Listening on a non-standard syslog port:`

			```
			`java -jar /path/to/syslogd-x.y.z-all.jar --port 1514`
			```

			`or, if installed as a deb or rpm package:`

			```
			`/opt/syslogd/bin/syslogd --port 1514`
			```

			`Listening on the standard syslog port (requires root privileges) and forwarding messages on to another log-system on a non-standard port.`

			```
Refactor argument parsing and improve LokiClient send. 2021-03-17 09:45:13 +00:00			`java -jar /path/to/syslogd-x.y.z-all.jar --syslog udp://remotehost:514`
Update README to reflect new changes. 2021-01-29 10:18:08 +00:00			```

Add option to forward in GELF JSON format. 2021-02-03 11:00:45 +00:00			`Forwarding to a Graylog server in GELF format.`

			```
Refactor argument parsing and improve LokiClient send. 2021-03-17 09:45:13 +00:00			`java -jar /path/to/syslogd-x.y.z-all.jar --gelf udp://remotehost:12201`
Add option to forward in GELF JSON format. 2021-02-03 11:00:45 +00:00			```

Refactor argument parsing and improve LokiClient send. 2021-03-17 09:45:13 +00:00			`Forwarding to a Grafana Loki server.`

			```
			`java -jar /path/to/syslogd-x.y.z-all.jar --loki http://remotehost:3100`
			```
Add option to forward in GELF JSON format. 2021-02-03 11:00:45 +00:00
Update README to reflect new changes. 2021-01-29 10:18:08 +00:00			If you don't want any output locally (only forwarding), you can use the ```--no-stdout``` flag.


			`## Notes`

Refactor argument parsing and improve LokiClient send. 2021-03-17 09:45:13 +00:00			`### IBM AIX and VIO Servers`
Work on forwarding syslog messaged to Grafana Loki. 2021-03-16 21:01:11 +00:00
Refactor argument parsing and improve LokiClient send. 2021-03-17 09:45:13 +00:00			`Syslog messages from AIX (and IBM Power Virtual I/O Servers) can be troublesome with some logging solutions. These can be received with`
Update 3rd party dependencies. 2021-12-03 10:29:55 +00:00			`syslogd and then forwarded on to your preferred logging solution.`
Work on forwarding syslog messaged to Grafana Loki. 2021-03-16 21:01:11 +00:00
Minor version incremented as command line parameters and functionality has changed. Severity and facility are now in lowercase. LokiClient http timeouts set more aggressively. Cleanup various places. 2021-03-17 13:30:37 +00:00			`### Forwarding to Grafana Loki`

			`Forwarding is currently done by making HTTP connections to the Loki API, which works fine for low volume messages, but might cause issues for large volume of messages.`
Work on forwarding syslog messaged to Grafana Loki. 2021-03-16 21:01:11 +00:00
Refactor argument parsing and improve LokiClient send. 2021-03-17 09:45:13 +00:00			`## Development Notes`
Work on forwarding syslog messaged to Grafana Loki. 2021-03-16 21:01:11 +00:00
			`### Test Grafana Loki`

Refactor argument parsing and improve LokiClient send. 2021-03-17 09:45:13 +00:00			`Run Loki and Grafana in local containers to test.`

Work on forwarding syslog messaged to Grafana Loki. 2021-03-16 21:01:11 +00:00			```shell
			`docker run --rm -d --name=loki -p 3100:3100 grafana/loki`
Refactor argument parsing and improve LokiClient send. 2021-03-17 09:45:13 +00:00			`docker run --rm -d --name=grafana --link loki:loki -p 3000:3000 grafana/grafana:7.1.3`
Work on forwarding syslog messaged to Grafana Loki. 2021-03-16 21:01:11 +00:00			```
Refactor argument parsing and improve LokiClient send. 2021-03-17 09:45:13 +00:00