http: Post messages over HTTP without Java

New to AxoSyslog? AxoSyslog is a binary compatible syslog-ng replacement, from the original creator, developed by the same team.

Same architecture, same config files, same paths. Cloud-native images, fast releases, modern observability (OTel, K8s, Windows), and powerful data processing: read more about the differences between AxoSyslog and syslog-ng.

Also, it’s super easy to install, and you can upgrade from syslog-ng in minutes.

Version 3.8 of AxoSyslog can directly post log messages to web services using the HTTP protocol, without having to use Java. The current implementation has the following limitations:

  • Only the PUT and the POST methods are supported.

HTTPS connection, as well as password- and certificate-based authentication is supported.

If the server returns a status code beginning with 2 (for example, 200), AxoSyslog assumes the message was successfully sent. For other response codes, see HTTP destination options. You can override the behavior of AxoSyslog using the response-action() option.

Example: Client certificate authentication with HTTPS

   destination d_https {
        http(
            [...]
            tls(
            ca-file("/<path-to-certificate-directory>/ca-crt.pem")
            ca-dir("/<path-to-certificate-directory>/")
            cert-file("/<path-to-certificate-directory>/server-crt.pem")
            key-file("/<path-to-certificate-directory>/server-key.pem")
                )
            [...]
        );
    };

Declaration:

   destination d_http {
        http(
            url("<web-service-IP-or-hostname>")
            method("<HTTP-method>")
            user-agent("<USER-AGENT-message-value>")
            user("<username>")
            password("<password>")
        );
    };

You can use the proxy() option to configure the HTTP driver in all HTTP-based destinations to use a specific HTTP proxy that is independent from the proxy configured for the system.

Alternatively, you can leave the HTTP as-is, in which case the driver leaves the default http_proxy and https_proxy environment variables unmodified.

For more detailed information about these environment variables, see the libcurl documentation.

Example: Sending log data to a web service

The following example defines an http destination.

   destination d_http {
        http(
            url("http://127.0.0.1:8000")
            method("PUT")
            user-agent("syslog-ng User Agent")
            user("user")
            password("password")
            headers("HEADER1: header1", "HEADER2: header2")
            body("${ISODATE} ${MESSAGE}")
        );
    };
    
    log {
        source(s_file);
        destination(d_http);
        flags(flow-control);
    };

You can also use the http() destination to forward log messages to Splunk using AxoSyslog.

Last modified July 7, 2025: Adds banner to high-traffic pages (8f28f4e)