
How to upgrade syslog-ng to AxoSyslog
AxoSyslog, our syslog-ng™ fork, is a drop-in replacement for syslog-ng. Syslog-ng users often ask us: what exactly does that mean, and how can I upgrade my syslog-ng installation to AxoSyslog? This post answers these questions.
AxoSyslog, the drop-in syslog-ng replacement
AxoSyslog provides the:
- same binaries (for example, /usr/sbin/syslog-ng),
- same configuration files (/etc/syslog-ng/syslog-ng.conf), certificates, etc., and
- same configuration syntax.
If you're already using syslog-ng, you can upgrade your existing syslog-ng deployments to AxoSyslog in a matter of minutes.
AxoSyslog is more than a syslog-ng replacement
As we've said, AxoSyslog is a drop-in replacement for syslog-ng, but it's also more than that:
- It provides detailed metrics about what your pipeline is doing,
- the FilterX data processing engine,
- enhanced container and Kubernetes support, including Helm charts,
- eBPF integration for efficient kernel-level data collection with minimal overhead,
- destinations for ClickHouse, Microsoft Sentinel, Azure Monitor, and many more modern services,
- regular releases with new features,
- up-to-date documentation, and
- we also provide responsive and helpful community and professional support for AxoSyslog and syslog-ng.
Sounds interesting? Please "star" the AxoSyslog GitHub project and bookmark the documentation before continuing!
Upgrade syslog-ng to AxoSyslog
If you're already using syslog-ng and have an existing syslog-ng deployment on a host, you can upgrade it to AxoSyslog by simply installing AxoSyslog on the host.
The following steps show you how to do that on Ubuntu 24.04, but the process is similar on other Ubuntu/Debian systems. For details on installing AxoSyslog on RPM-based systems like Red Hat, Almalinux, or Fedora, see the AxoSyslog RPM installation guide. We assume that you've installed syslog-ng from the repositories.
Check that the syslog-ng service is running:
sudo systemctl status syslog-ng
The output will look something like:
syslog-ng.service - System Logger Daemon
Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; enabled; preset>
Active: active (running) since Thu 2025-02-27 17:04:28 CET; 11s ago
Docs: man:syslog-ng(8)
Main PID: 254 (syslog-ng)
Tasks: 2 (limit: 9594)
Memory: 19.6M (peak: 20.8M)
CPU: 215ms
CGroup: /system.slice/syslog-ng.service
└─254 "[rosetta]" /usr/sbin/syslog-ng /usr/sbin/syslog-ng -F
Check the version of syslog-ng you have by running:
syslog-ng --version
The output will start with something like:
syslog-ng 4 (4.8.1)
Config version: 4.2
Installer-Version: 4.8.1
Add the AxoSyslog repository. Run the following commands as root:
wget -qO - https://pkg.axoflow.io/axoflow-code-signing-pub.asc | gpg --dearmor > /usr/share/keyrings/axoflow-code-signing-pub.gpg
and
echo "deb [signed-by=/usr/share/keyrings/axoflow-code-signing-pub.gpg] https://pkg.axoflow.io/apt stable ubuntu-noble" | tee --append /etc/apt/sources.list.d/axoflow.list
Install AxoSyslog by running:
apt update; apt install axosyslog
Since you already have syslog-ng installed and have a configuration file, apt will ask what to do with it. Choose to keep the existing configuration file.
Check that the syslog-ng service is running:
sudo systemctl status syslog-ng
The output should match the earlier result, apart from run-specific values such as the PID and start time:
syslog-ng.service - System Logger Daemon
Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; enabled; preset>
Active: active (running) since Thu 2025-02-27 17:07:41 CET; 42s ago
Docs: man:syslog-ng(8)
Main PID: 1936 (syslog-ng)
Tasks: 2 (limit: 9594)
Memory: 79.9M (peak: 83.1M)
CPU: 462ms
CGroup: /system.slice/syslog-ng.service
└─1936 "[rosetta]" /usr/sbin/syslog-ng /usr/sbin/syslog-ng -F
No surprises here, syslog-ng is running.
But if you check the version number:
syslog-ng --version
You'll see that actually you're running AxoSyslog:
axosyslog 4 (4.10.1)
Config version: 4.2
Installer-Version: 4.10.1
That's it! In case you run into any issues, join Axoflow’s Discord server to reach out to us.
Upgrading a syslog-ng Premium Edition deployment is a bit more involved; if you're interested, contact us.
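Because the service name and the binary path stay the same after the upgrade, the version banner is what tells the two products apart. The following shell functions are an added example, not part of the original post or of AxoSyslog; they compare the banners shown above and check that the repository entry uses signed-by. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Sample inputs are the version
# banners and the sources line shown in the post itself.

# Read `syslog-ng --version` output on stdin; print "<product> <version>".
# The first line looks like "syslog-ng 4 (4.8.1)" or "axosyslog 4 (4.10.1)".
product_and_version() {
    sed -n '1s/^\([a-z][a-z-]*\) [0-9][0-9]* (\([0-9][0-9.]*\)).*/\1 \2/p'
}

# Read an apt sources file on stdin; succeed only if an uncommented
# pkg.axoflow.io entry carries a signed-by= option, so the repository is
# tied to one keyring rather than to every key apt trusts.
axoflow_source_is_pinned() {
    grep -E '^deb[[:space:]]+\[[^]]*signed-by=[^] ]+[^]]*\][[:space:]]+https://pkg\.axoflow\.io/apt[[:space:]]' >/dev/null
}

# Compare the banners taken before and after the upgrade. Prints a verdict
# and returns 0 only if the product changed from syslog-ng to axosyslog.
check_upgrade() {
    before=$(printf '%s\n' "$1" | product_and_version)
    after=$(printf '%s\n' "$2" | product_and_version)
    case "$before/$after" in
        "syslog-ng "*/"axosyslog "*) echo "upgraded: $before -> $after" ;;
        *) echo "not upgraded: ${before:-unknown} -> ${after:-unknown}"
           return 1 ;;
    esac
}

BEFORE='syslog-ng 4 (4.8.1)
Config version: 4.2
Installer-Version: 4.8.1'
AFTER='axosyslog 4 (4.10.1)
Config version: 4.2
Installer-Version: 4.10.1'
SOURCE_LINE='deb [signed-by=/usr/share/keyrings/axoflow-code-signing-pub.gpg] https://pkg.axoflow.io/apt stable ubuntu-noble'

check_upgrade "$BEFORE" "$AFTER"
printf '%s\n' "$SOURCE_LINE" | axoflow_source_is_pinned &&
    echo "axoflow.list entry is pinned with signed-by"
```

On a real host, pipe the output of syslog-ng --version and the contents of /etc/apt/sources.list.d/axoflow.list into these functions instead of the sample strings.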
Trademark attribution
syslog-ng™ is the trademark of One Identity LLC