http: Post messages over HTTP without Java

New to AxoSyslog? AxoSyslog is a binary compatible syslog-ng replacement, from the original creator, developed by the same team.

Same architecture, same config files, same paths. Cloud-native images, fast releases, modern observability (OTel, K8s, Windows), and powerful data processing: read more about the differences between AxoSyslog and syslog-ng.

Also, it’s super easy to install, and you can upgrade from syslog-ng in minutes.

Version 3.8 of AxoSyslog can directly post log messages to web services using the HTTP protocol, without having to use Java. The current implementation has the following limitations:

Only the PUT and the POST methods are supported.

HTTPS connection, as well as password- and certificate-based authentication is supported.

If the server returns a status code beginning with 2 (for example, 200), AxoSyslog assumes the message was successfully sent. For other response codes, see HTTP destination options. You can override the behavior of AxoSyslog using the response-action() option.

Example: Client certificate authentication with HTTPS

   destination d_https {
        http(
            [...]
            tls(
            ca-file("/<path-to-certificate-directory>/ca-crt.pem")
            ca-dir("/<path-to-certificate-directory>/")
            cert-file("/<path-to-certificate-directory>/server-crt.pem")
            key-file("/<path-to-certificate-directory>/server-key.pem")
                )
            [...]
        );
    };

Declaration:

   destination d_http {
        http(
            url("<web-service-IP-or-hostname>")
            method("<HTTP-method>")
            user-agent("<USER-AGENT-message-value>")
            user("<username>")
            password("<password>")
        );
    };

You can use the proxy() option to configure the HTTP driver in all HTTP-based destinations to use a specific HTTP proxy that is independent from the proxy configured for the system.

Alternatively, you can leave the HTTP as-is, in which case the driver leaves the default http_proxy and https_proxy environment variables unmodified.

For more detailed information about these environment variables, see the libcurl documentation.

Note Configuring the proxy() option overwrites the default http_proxy and https_proxy environment variables.

Example: Sending log data to a web service

The following example defines an http destination.

   destination d_http {
        http(
            url("http://127.0.0.1:8000")
            method("PUT")
            user-agent("syslog-ng User Agent")
            user("user")
            password("password")
            headers("HEADER1: header1", "HEADER2: header2")
            body("${ISODATE} ${MESSAGE}")
        );
    };
    
    log {
        source(s_file);
        destination(d_http);
        flags(flow-control);
    };

You can also use the http() destination to forward log messages to Splunk using AxoSyslog.

Batch mode and load balancing

HTTP destination options

The Azure auth header plugin

The Python HTTP header plugin

Last modified July 7, 2025: Adds banner to high-traffic pages (8f28f4e)