Syslog Server

All received messages are written to stdout and/or forwarded to a remote logging destination.

The syslog server is able to listen on both UDP and TCP and parses syslog messages in either RFC5424 or RFC3164 (BSD) format.

This software is free to use and is licensed under the Apache 2.0 License.

The default syslog port (514) requires you to run syslogd as root / administrator. If you do not wish to do so, you can choose any port number (with the -p or --port flag) above 1024.

Supported remote logging destinations are:

  • Syslog (RFC5424 over UDP)
  • Graylog (GELF over UDP)
  • and Grafana Loki (HTTP over TCP).

Usage Instructions

  • Install the syslogd package (.deb or .rpm) from downloads or build from source.
  • Run bin/syslogd, use the -h option for help :)

Usage: syslogd [-dhV] [--[no-]ansi] [--[no-]stdout] [--[no-]tcp] [--[no-]udp]
               [--rfc5424] [-g=<uri>] [-l=<url>] [-p=<num>] [-s=<uri>]
  -d, --debug          Enable debugging [default: 'false'].
  -g, --gelf=<uri>     Forward to Graylog <udp://host:port>.
  -h, --help           Show this help message and exit.
  -l, --loki=<url>     Forward to Grafana Loki <http://host:port>.
      --[no-]ansi      Output ANSI colors [default: true].
      --[no-]stdout    Output messages to stdout [default: true].
      --[no-]tcp       Listen on TCP [default: true].
      --[no-]udp       Listen on UDP [default: true].
  -p, --port=<num>     Listening port [default: 514].
      --rfc5424        Parse RFC-5424 messages [default: RFC-3164].
  -s, --syslog=<uri>   Forward to Syslog <udp://host:port> (RFC-5424).
  -V, --version        Print version information and exit.

Examples

Listening on a non-standard syslog port:

java -jar /path/to/syslogd-x.y.z-all.jar --port 1514

or, if installed as a deb or rpm package:

/opt/syslogd/bin/syslogd --port 1514

Listening on the standard syslog port (requires root privileges) and forwarding messages on to another log-system on a non-standard port.

java -jar /path/to/syslogd-x.y.z-all.jar --syslog udp://remotehost:514

Forwarding to a Graylog server in GELF format.

java -jar /path/to/syslogd-x.y.z-all.jar --gelf udp://remotehost:12201

Forwarding to a Grafana Loki server.

java -jar /path/to/syslogd-x.y.z-all.jar --loki http://remotehost:3100

If you don't want any output locally (only forwarding), you can use the --no-stdout flag.
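
For smoke-testing a listener started with --port 1514, with and without --rfc5424, the following added example (not part of the project's code) builds one test message in each of the two formats the server parses and sends both over UDP. The host name, application tag and the `classify` helper are constructed for illustration; the port matches the example above.

```python
import re
import socket
from datetime import datetime, timezone

# Constructed sample values; host and application names are hypothetical.
HOST, APP = "testhost", "demo"

def pri(facility: int, severity: int) -> int:
    """PRI value shared by both formats: facility * 8 + severity."""
    return facility * 8 + severity

def rfc3164(facility, severity, text, now=None):
    """BSD format: <PRI>Mmm dd hh:mm:ss HOST TAG: MSG (day is space-padded)."""
    now = now or datetime.now()
    stamp = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"
    return f"<{pri(facility, severity)}>{stamp} {HOST} {APP}: {text}"

def rfc5424(facility, severity, text, now=None):
    """<PRI>1 TIMESTAMP HOST APP PROCID MSGID SD MSG, with '-' meaning nil."""
    now = now or datetime.now(timezone.utc)
    return f"<{pri(facility, severity)}>1 {now.isoformat()} {HOST} {APP} - - - {text}"

_HEAD = re.compile(r"^<(\d{1,3})>(\d{1,2} )?")

def classify(message: str):
    """Return (format, facility, severity) judged from the header alone."""
    m = _HEAD.match(message)
    if not m or int(m.group(1)) > 191:  # 191 = facility 23, severity 7
        raise ValueError("no valid PRI header")
    facility, severity = divmod(int(m.group(1)), 8)
    # RFC5424 puts a version number and a space right after the PRI.
    return ("RFC5424" if m.group(2) else "RFC3164"), facility, severity

def send_udp(message: str, host="127.0.0.1", port=1514):
    """Send one datagram; port 1514 matches the --port example on this page."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(message.encode("utf-8"), (host, port))

if __name__ == "__main__":
    for msg in (rfc3164(4, 5, "test message"), rfc5424(4, 5, "test message")):
        print(classify(msg), msg)
        send_udp(msg)
```

Comparing what the server prints for each message shows whether the parser mode it was started in matches the format your senders actually emit.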

Notes

IBM AIX and VIO Servers

Syslog messages from AIX (and IBM Power Virtual I/O Servers) can be troublesome with some logging solutions. These can be received with syslogd and then forwarded on to your preferred logging solution.

Forwarding to Grafana Loki

Forwarding is currently done by making HTTP connections to the Loki API, which works fine for low message volumes but might cause issues at high message volumes.

Development Notes

Test Grafana Loki

Run Loki and Grafana in local containers to test.

docker run --rm -d --name=loki -p 3100:3100 grafana/loki
docker run --rm -d --name=grafana --link loki:loki -p 3000:3000 grafana/grafana:7.1.3