Parameters of the AxoSyslog Helm chart

The following table lists the configurable parameters of the AxoSyslog collector chart and their default values. For details on installing the chart, see Install AxoSyslog with Helm.

Collector parameters

When you deploy AxoSyslog as a collector (which is a DaemonSet), it collects and forwards local logs to a destination. You can use the following parameters to configure the collector. The parameters for specific destinations are shown in subsequent sections.

ParameterDescriptionDefault
collector.enabledDeploy AxoSyslog as a collector to collect and forward local logstrue
collector.config.destinationsThe configurations of destinations that can be configured using chart values: syslog, opensearch, and syslogNgOtlp. For destinations and options not available as chart values, you can use the collector.config.raw option.""
collector.config.rawA complete syslog-ng configuration. If this parameter is set, all other parameters in the collector.config section are ignored. You can use this to set parameters that are not available as chart values. For details on how to create a configuration for syslog-ng, see the AxoSyslog Core documentation.""
collector.config.rewrites.setA list of name-value pairs to set for the collected log messages. Uses the set rewrite rule.{}
collector.config.sources.kubernetes.enabledCollect pod logs using the kubernetes() source. If disabled, the chart doesn’t configure any source. For the list of available sources, see the Sources chaptertrue
collector.config.sources.kubernetes.prefixSet JSON prefix for logs collected from the Kubernetes cluster""
collector.config.sources.kubernetes.keyDelimiterSet JSON key delimiter for logs collected from the Kubernetes cluster""
collector.stats.levelSpecifies the level of statistics AxoSyslog collects about the processed messages. For details, see (level()).2

The following example uses the collector.config.raw parameter to configure a custom destination:

collector:
  config:
    raw: |
      @version: 4.8.0
      @include "scl.conf"

      log {
        source {
          syslog(port(12345));
        };

        destination {
          logscale(
            token("your-secret-humio-ingest-token")
          );
        };

        flags(flow-control);
      };

  hostNetworking: true

Syslog destination

Send logs over the network, conforming to RFC3164 using the network() destination driver.

ParameterDescriptionDefault
collector.config.destinations.syslog.enabledEnables the destination.false
collector.config.destinations.syslog.addressThe IP address of the destination host.localhost
collector.config.destinations.syslog.extraOptionsRawOther options of the network() destination."time-reopen(10)"
collector.config.destinations.syslog.portThe port number to send the messages to.12345
collector.config.destinations.syslog.templateA template to format the messages."$(format-json .*)"
collector.config.destinations.syslog.transportThe transport protocol to use. Possible values: tcp, udptcp

For example:

collector:
  config:
    destinations:
      syslog:
        enabled: true
        transport: tcp
        address: localhost
        port: 12345
        template: "$(format-json .*)"

OpenSearch destination

Send logs to OpenSearch over HTTP or HTTPS.

ParameterDescriptionDefault
collector.config.destinations.opensearch.enabledEnables the destination.false
collector.config.destinations.opensearch.addressThe URL of the OpenSearch server.http://my-release-opensearch.default.svc.cluster.local:9200
collector.config.destinations.opensearch.indexName of the OpenSearch index that stores the messages."test-axoflow-index"
collector.config.destinations.opensearch.userThe username to use for authentication on the OpenSearch server, if not authenticating with a certificate."admin"
collector.config.destinations.opensearch.passwordThe password to use for authentication on the OpenSearch server."admin"
collector.config.destinations.opensearch.templateA template to format the messages."$(format-json .*)"
collector.config.destinations.opensearch.tls.CADirA directory containing a set of trusted CA certificates in PEM format. The name of the files must be the 32-bit hash of the subject’s name. AxoSyslog verifies the certificate of the server using these CA certificates."/path/to/CADir/"
collector.config.destinations.opensearch.tls.CAFileThe CA certificate in PEM format to use when verifying the certificate of the server."/path/to/CAFile.pem"
collector.config.destinations.opensearch.tls.CertName of a file containing an X.509 certificate or a certificate chain in PEM format. AxoSyslog authenticates with this certificate on the server, with the private key set in the collector.config.destinations.opensearch.tls.Key field. If the file contains a certificate chain, the file must begin with the certificate of the host, followed by the CA certificate that signed the certificate of the host, and any other signing CAs in order."/path/to/Cert.pem"
collector.config.destinations.opensearch.tls.KeyName of a file containing an unencrypted private key in PEM format. AxoSyslog authenticates with this key and the certificate set in the collector.config.destinations.opensearch.tls.Cert field."/path/to/Key.pem"
collector.config.destinations.opensearch.tls.peerVerifyIf true, AxoSyslog verifies the certificate of the server with the CA certificates set in collector.config.destinations.opensearch.tls.CAFile and collector.config.destinations.opensearch.tls.CADir.false

For example:

collector:
  config:
    destinations:
      opensearch:
        - address: 10.104.232.94
          index: "test-axoflow-index"
          tls:
            CAFile: "/path/to/CAFile.pem"
            CADir: "/path/to/CADir/"
            Cert: "/path/to/Cert.pem"
            Key: "/path/to/Key.pem"
            peerVerify: true
            template: "$(format-json .*)"

syslogNgOtlp destination

Send logs over to another AxoSyslog node using the syslog-ng-otlp() destination driver.

ParameterDescriptionDefault
collector.config.destinations.syslogNgOtlp.enabledEnables the destination.false
collector.config.destinations.syslogNgOtlp.urlThe IP address and port of the destination host."192.168.77.133:4317"
collector.config.destinations.syslogNgOtlp.extraOptionsRawOther options of the syslog-ng-otlp() destinations.“time-reopen(1) batch-timeout(1000) batch-lines(1000)”

Other collector parameters

ParameterDescriptionDefault
collector.affinityPod affinity{}
collector.annotationsAdditional annotations to apply to the DaemonSet{}
collector.extraVolumesAdditional volumes to mount[]
collector.hostAliasesAdd host aliases[]
collector.hostNetworkingWhether to enable host networkingfalse
collector.labelsAdditional labels to apply to the DaemonSet{}
collector.maxUnavailableThe maximum number of unavailable pods during a rolling update1
collector.nodeSelectorNode labels for pod assignment{}
collector.resourcesResource requests and limits{}
collector.tolerationsTolerations for pod assignment[]
collector.secretMountsMount additional secrets as volumes[]
collector.securityContextSecurity context for the pod{}

Syslog server parameters

When you deploy AxoSyslog as a server (which is a StatefulSet), it receives incoming data from the network and routes it to a local or remote destination. collects and forwards local logs to a destination. You can use the following parameters to configure the syslog server. The parameters for specific destinations are shown in subsequent sections.

ParameterDescriptionDefault
syslog.enabledDeploy AxoSyslog as a collector to collect and forward local logstrue
syslog.bufferStorage.enabledConfigures a storage using PersistentVolumes to use as disk-buffer.false
syslog.bufferStorage.storageClassThe class of the storage to use, for example, standard.standard
syslog.bufferStorage.sizeThe maximum size of the storage to use as disk-buffer, for example, 10Gi.10Gi
syslog.logFileStorage.enabledConfigures a storage using PersistentVolumes to store the log files.false
syslog.logFileStorage.storageClassThe class of the storage to use, for example, standard.standard
syslog.logFileStorage.sizeThe maximum size of the storage to use as for log storage, for example, 10Gi.500Gi
syslog.config.rawA complete syslog-ng configuration. If this parameter is set, all other parameters in the syslog.config section are ignored. You can use this to set parameters that are not available as chart values. For details on how to create a configuration for syslog-ng, see the AxoSyslog Core documentation.""
syslog.config.stats.levelSpecifies the detail of statistics AxoSyslog collects about the processed messages. For details, see level().2
syslog.config.rewrites.setA list of name-value pairs to set for the collected log messages. Uses the set rewrite rule.{}
syslog.config.sourcesThe configurations of the sources that can be configured using chart values: syslog and syslogNgOtlp.syslog and syslogNgOtlp are enabled by default. See the individual sources for details. For sources not available as chart values, you can use the collector.config.raw option.
syslog.config.destinationsThe configurations of destinations that can be configured using chart values: file, syslog, opensearch, and syslogNgOtlp.The file, syslog, opensearch destinations are enabled by default. For destinations not available as chart values, you can use the collector.config.raw option.

Syslog source

You can use the syslog source to receive RFC3164 or RFC5424 formatted syslog messages on the following ports:

  • 1514: RFC3164-formatted traffic over TCP and UDP (NodePort 30514)
  • 1601: RFC5424-formatted traffic over TCP (NodePort 30601)
  • 6514: RFC5424-formatted traffic over TLS (NodePort 30614)

If needed, you can open additional ports using the service.extraPorts option.

ParameterDescriptionDefault
syslog.config.sources.syslog.enabledEnable receiving syslog messages.true
syslog.config.sources.syslog.max-connectionsMaximum number of parallel connections.1000
syslog.config.sources.syslog.log-iw-sizeThe initial window size used for flow-control.100000
syslog.config.sources.syslog.tls.peerVerifySet to yes to request a certificate from the peers. In this case, you must also set the CA directory or the CA file.no
syslog.config.sources.syslog.tls.CAFileA file containing trusted CA certificates. For details, see TLS options.""
syslog.config.sources.syslog.tls.CADirThe directory for the trusted CA files. For details, see TLS options.""
syslog.config.sources.syslog.tls.CertThe certificate file to show to the peer. For details, see TLS options.""
syslog.config.sources.syslog.tls.KeyThe private key file for the certificate. For details, see TLS options.""

syslogNgOtlp source

Initializes a syslog-ng-otlp() to receive messages from another AxoSyslog node that sends telemetry data using the syslog-ng-otlp() destination driver.

ParameterDescriptionDefault
syslog.config.sources.syslogNgOtlp.enabledEnable receiving syslog-ng-otlp() messages.true
syslog.config.sources.syslogNgOtlp.portThe port where messages are received.4317

File destination

To write the collected logs into files, configure the syslog.logFileStorage and the syslog.config.destinations.file options.

ParameterDescriptionDefault
syslog.config.destinations.file.enabledEnables the file destination.true
syslog.config.destinations.file.pathThe path and filename of the log files. Can include macros. For examples, see file: Store messages in plain-text files."/var/log/syslog"
syslog.config.destinations.file.templateThe template used to format the log messages. Can include macros.""
syslog.config.destinations.file.extraOptionsRawOther options of the file() destination. If the directories used in syslog.destinations.file.path do not exist, set extraOptionsRaw: "create-dirs(yes)""create-dirs(yes)"

For example:

syslog:
  enabled: true
  logFileStorage:
    enabled: true
    storageClass: standard
    size: 500Gi
  bufferStorage:
    enabled: false
    storageClass: standard
    size: 10Gi
  config:
    sources:
      syslog:
        enabled: true
    destinations:
      file:
        enabled: true
        path: "/var/log/$HOST/syslog"
        extraOptionsRaw: "create-dirs(yes)"

OpenSearch destination

Send logs to OpenSearch over HTTP or HTTPS.

ParameterDescriptionDefault
syslog.config.destinations.opensearch.enabledEnables the destination.true
syslog.config.destinations.opensearch.urlThe URL of the OpenSearch server.http://my-release-opensearch.default.svc.cluster.local:9200
syslog.config.destinations.opensearch.extraOptionsRawOther options of the opensearch() destination."time-reopen(10)"
syslog.config.destinations.opensearch.indexName of the OpenSearch index that stores the messages."test-axoflow-index"
syslog.config.destinations.opensearch.userThe username to use for authentication on the OpenSearch server, if not authenticating with a certificate."admin"
syslog.config.destinations.opensearch.passwordThe password to use for authentication on the OpenSearch server."admin"
syslog.config.destinations.opensearch.templateA template to format the messages."$(format-json --scope rfc5424 --exclude DATE --key ISODATE @timestamp=${ISODATE})"
syslog.config.destinations.opensearch.tls.CAFileThe CA certificate in PEM format to use when verifying the certificate of the server.""
syslog.config.destinations.opensearch.tls.CADirA directory containing a set of trusted CA certificates in PEM format. The name of the files must be the 32-bit hash of the subject’s name. AxoSyslog verifies the certificate of the server using these CA certificates.""
syslog.config.destinations.opensearch.tls.CertName of a file containing an X.509 certificate or a certificate chain in PEM format. AxoSyslog authenticates with this certificate on the server, with the private key set in the syslog.config.destinations.opensearch.tls.Key field. If the file contains a certificate chain, the file must begin with the certificate of the host, followed by the CA certificate that signed the certificate of the host, and any other signing CAs in order.""
syslog.config.destinations.opensearch.tls.KeyName of a file containing an unencrypted private key in PEM format. AxoSyslog authenticates with this key and the certificate set in the syslog.config.destinations.opensearch.tls.Cert field.""
syslog.config.destinations.opensearch.tls.peerVerifyIf true, AxoSyslog verifies the certificate of the server with the CA certificates set in syslog.config.destinations.opensearch.tls.CAFile and syslog.config.destinations.opensearch.tls.CADir.""

For example:

syslog:
  enabled: true
  bufferStorage:
    enabled: true
    storageClass: standard
    size: 10Gi
  config:
    sources:
      syslog:
        enabled: true
    destinations:
      opensearch:
        enabled: true
        url: http://my-release-opensearch.default.svc.cluster.local:9200
        index: "test-axoflow-index"
        user: "admin"
        password: "admin"
        #tls:
        #  CAFile: "/path/to/CAFile.pem"
        #  CADir: "/path/to/CADir/"
        #  Cert: "/path/to/Cert.pem"
        #  Key: "/path/to/Key.pem"
        #  peerVerify: false
        extraOptionsRaw: "time-reopen(10)"

Syslog destination

Send logs over the network, conforming to RFC3164 using the network() destination driver.

ParameterDescriptionDefault
syslog.config.destinations.syslog.enabledEnables the destination.true
syslog.config.destinations.syslog.addressThe IP address of the destination host.""
syslog.config.destinations.syslog.extraOptionsRawOther options of the network() destination."time-reopen(10)"
syslog.config.destinations.syslog.portThe port number to send the messages to.12345
syslog.config.destinations.syslog.templateA template to format the messages.""
syslog.config.destinations.syslog.transportThe transport protocol to use. Possible values: tcp, udptcp

For example:

syslog:
  enabled: true
  bufferStorage:
    enabled: true
    storageClass: standard
    size: 10Gi
  config:
    sources:
      syslog:
        enabled: true
    destinations:
      syslog:
        enabled: true
        transport: tcp
        address: 192.168.77.133
        port: 12345
        # convert incoming data to JSON
        #template: "$(format-json .*)\n"
        # use standard syslog logfile
        #template: "$ISODATE $HOST $MSGHDR$MSG\n"
        extraOptionsRaw: "time-reopen(10)"

syslogNgOtlp destination

Send data using the syslog-ng-otlp() destination driver to another AxoSyslog node.

ParameterDescriptionDefault
syslog.config.destinations.syslogNgOtlp.enabledEnables the destination.no
syslog.config.destinations.syslogNgOtlp.urlThe IP address of the destination host.""
syslog.config.destinations.syslogNgOtlp.extraOptionsRawOther options of the syslog-ng-otlp() destination."time-reopen(1) batch-timeout(1000) batch-lines(1000)"

For example:

syslog:
  enabled: true
  bufferStorage:
    enabled: true
    storageClass: standard
    size: 10Gi
  config:
    sources:
      syslog:
        enabled: true
    destinations:
      syslogNgOtlp:
        enabled: true
        url: "192.168.77.133:4317"
        extraOptionsRaw: "time-reopen(1) batch-timeout(1000) batch-lines(1000)"

Generic chart parameters

ParameterDescriptionDefault
image.repositoryThe container image repositoryghcr.io/axoflow/axosyslog
image.pullPolicyThe container image pull policyIfNotPresent
image.tagThe container image tag4.8.0
image.extraArgsCustom arguments applied as the value of spec.container.args[]
imagePullSecretsThe names of secrets containing private registry credentials[]
nameOverrideOverride the chart name""
fullnameOverrideOverride the full chart name""
rbac.createCreate RBAC resourcestrue
rbac.extraRulesAdditional RBAC rules[]
openShift.enabledSet to true when deploying on OpenShiftfalse
openShift.securityContextConstraints.createCreate SecurityContextConstraints on OpenShifttrue
openShift.securityContextConstraints.annotationsAnnotations to apply to SecurityContextConstraints{}
service.createCreate a service so the syslog server can receive incoming connections.true
service.extraportsOpen additional ports for the syslog server[]
serviceAccount.createWhether to create a service accounttrue
serviceAccount.annotationsAnnotations to apply to the service account{}
namespaceThe Kubernetes namespace to deploy to""
podAnnotationsAdditional annotations to apply to the pod{}
podSecurityContextSecurity context for the pod{}
securityContextSecurity context for the container{}
resourcesResource requests and limits for the collector container. If not set, the values of collector.resources are used.{}
nodeSelectorNode labels for pod assignment{}
tolerationsTolerations for pod assignment[]
affinityPod affinity{}
updateStrategyUpdate strategy for the Collector DaemonSetRollingUpdate
priorityClassNameThe name of the PriorityClass the pod belongs to""
dnsConfigThe DNS configuration of the pod{}
hostAliasesAdditional entries to the pod’s hosts file[]
secretMountsAdditional secrets to mount for the pod. If not set, the values of collector.secretMounts are used.[]
extraVolumesAdditional volumes to mount for the pod. If not set, the values of collector.extraVolumes are used.[]
terminationGracePeriodSecondsHow many seconds a pod with a failing probe has before shut down30
Last modified April 30, 2024: Updates (6b05d69)