Parameters of the AxoSyslog Helm chart

The following table lists the configurable parameters of the AxoSyslog collector chart and their default values. For details on installing the chart, see Install AxoSyslog with Helm.

Collector parameters

When you deploy AxoSyslog as a collector (which is a DaemonSet), it collects and forwards local logs to a destination. You can use the following parameters to configure the collector. The parameters for specific destinations are shown in subsequent sections.

Parameter Description Default
collector.enabled Deploy AxoSyslog as a collector to collect and forward local logs true
collector.config.destinations The configurations of destinations that can be configured using chart values: syslog, opensearch, and syslogNgOtlp. For destinations and options not available as chart values, you can use the collector.config.raw option. ""
collector.config.raw A complete syslog-ng configuration. If this parameter is set, all other parameters in the collector.config section are ignored. You can use this to set parameters that are not available as chart values. For details on how to create a configuration for syslog-ng, see the AxoSyslog Core documentation. ""
collector.config.rewrites.set A list of name-value pairs to set for the collected log messages. Uses the set rewrite rule. {}
collector.config.sources.kubernetes.enabled Collect pod logs using the kubernetes() source. If disabled, the chart doesn’t configure any source. For the list of available sources, see the Sources chapter true
collector.config.sources.kubernetes.prefix Set JSON prefix for logs collected from the Kubernetes cluster ""
collector.config.sources.kubernetes.keyDelimiter Set JSON key delimiter for logs collected from the Kubernetes cluster ""
collector.stats.level Specifies the level of statistics AxoSyslog collects about the processed messages. For details, see (level()). 2

The following example uses the collector.config.raw parameter to configure a custom destination:

collector:
  config:
    raw: |
      @version: 4.9.0
      @include "scl.conf"

      log {
        source {
          syslog(port(12345));
        };

        destination {
          logscale(
            token("your-secret-humio-ingest-token")
          );
        };

        flags(flow-control);
      };

  hostNetworking: true

Syslog destination

Send logs over the network, conforming to RFC3164 using the network() destination driver.

Parameter Description Default
collector.config.destinations.syslog.enabled Enables the destination. false
collector.config.destinations.syslog.address The IP address of the destination host. localhost
collector.config.destinations.syslog.extraOptionsRaw Other options of the network() destination. "time-reopen(10)"
collector.config.destinations.syslog.port The port number to send the messages to. 12345
collector.config.destinations.syslog.template A template to format the messages. "$(format-json .*)"
collector.config.destinations.syslog.transport The transport protocol to use. Possible values: tcp, udp tcp

For example:

collector:
  config:
    destinations:
      syslog:
        enabled: true
        transport: tcp
        address: localhost
        port: 12345
        template: "$(format-json .*)"

OpenSearch destination

Send logs to OpenSearch over HTTP or HTTPS.

Parameter Description Default
collector.config.destinations.opensearch.enabled Enables the destination. false
collector.config.destinations.opensearch.address The URL of the OpenSearch server. http://my-release-opensearch.default.svc.cluster.local:9200
collector.config.destinations.opensearch.index Name of the OpenSearch index that stores the messages. "test-axoflow-index"
collector.config.destinations.opensearch.user The username to use for authentication on the OpenSearch server, if not authenticating with a certificate. "admin"
collector.config.destinations.opensearch.password The password to use for authentication on the OpenSearch server. "admin"
collector.config.destinations.opensearch.template A template to format the messages. "$(format-json .*)"
collector.config.destinations.opensearch.tls.CADir A directory containing a set of trusted CA certificates in PEM format. The name of the files must be the 32-bit hash of the subject’s name. AxoSyslog verifies the certificate of the server using these CA certificates. "/path/to/CADir/"
collector.config.destinations.opensearch.tls.CAFile The CA certificate in PEM format to use when verifying the certificate of the server. "/path/to/CAFile.pem"
collector.config.destinations.opensearch.tls.Cert Name of a file containing an X.509 certificate or a certificate chain in PEM format. AxoSyslog authenticates with this certificate on the server, with the private key set in the collector.config.destinations.opensearch.tls.Key field. If the file contains a certificate chain, the file must begin with the certificate of the host, followed by the CA certificate that signed the certificate of the host, and any other signing CAs in order. "/path/to/Cert.pem"
collector.config.destinations.opensearch.tls.Key Name of a file containing an unencrypted private key in PEM format. AxoSyslog authenticates with this key and the certificate set in the collector.config.destinations.opensearch.tls.Cert field. "/path/to/Key.pem"
collector.config.destinations.opensearch.tls.peerVerify If true, AxoSyslog verifies the certificate of the server with the CA certificates set in collector.config.destinations.opensearch.tls.CAFile and collector.config.destinations.opensearch.tls.CADir. false

For example:

collector:
  config:
    destinations:
      opensearch:
        - address: 10.104.232.94
          index: "test-axoflow-index"
          tls:
            CAFile: "/path/to/CAFile.pem"
            CADir: "/path/to/CADir/"
            Cert: "/path/to/Cert.pem"
            Key: "/path/to/Key.pem"
            peerVerify: true
            template: "$(format-json .*)"

syslogNgOtlp destination

Send logs over to another AxoSyslog node using the syslog-ng-otlp() destination driver.

Parameter Description Default
collector.config.destinations.syslogNgOtlp.enabled Enables the destination. false
collector.config.destinations.syslogNgOtlp.url The IP address and port of the destination host. "192.168.77.133:4317"
collector.config.destinations.syslogNgOtlp.extraOptionsRaw Other options of the syslog-ng-otlp() destinations. “time-reopen(1) batch-timeout(1000) batch-lines(1000)”

Other collector parameters

Parameter Description Default
collector.affinity Pod affinity {}
collector.annotations Additional annotations to apply to the DaemonSet {}
collector.extraVolumes Additional volumes to mount []
collector.hostAliases Add host aliases []
collector.hostNetworking Whether to enable host networking false
collector.labels Additional labels to apply to the DaemonSet {}
collector.maxUnavailable The maximum number of unavailable pods during a rolling update 1
collector.nodeSelector Node labels for pod assignment {}
collector.resources Resource requests and limits {}
collector.tolerations Tolerations for pod assignment []
collector.secretMounts Mount additional secrets as volumes []
collector.securityContext Security context for the pod {}

Syslog server parameters

When you deploy AxoSyslog as a server (which is a StatefulSet), it receives incoming data from the network and routes it to a local or remote destination. collects and forwards local logs to a destination. You can use the following parameters to configure the syslog server. The parameters for specific destinations are shown in subsequent sections.

Parameter Description Default
syslog.enabled Deploy AxoSyslog as a collector to collect and forward local logs true
syslog.bufferStorage.enabled Configures a storage using PersistentVolumes to use as disk-buffer. false
syslog.bufferStorage.storageClass The class of the storage to use, for example, standard. standard
syslog.bufferStorage.size The maximum size of the storage to use as disk-buffer, for example, 10Gi. 10Gi
syslog.logFileStorage.enabled Configures a storage using PersistentVolumes to store the log files. false
syslog.logFileStorage.storageClass The class of the storage to use, for example, standard. standard
syslog.logFileStorage.size The maximum size of the storage to use as for log storage, for example, 10Gi. 500Gi
syslog.config.raw A complete syslog-ng configuration. If this parameter is set, all other parameters in the syslog.config section are ignored. You can use this to set parameters that are not available as chart values. For details on how to create a configuration for syslog-ng, see the AxoSyslog Core documentation. ""
syslog.config.stats.level Specifies the detail of statistics AxoSyslog collects about the processed messages. For details, see level(). 2
syslog.config.rewrites.set A list of name-value pairs to set for the collected log messages. Uses the set rewrite rule. {}
syslog.config.sources The configurations of the sources that can be configured using chart values: syslog and syslogNgOtlp. syslog and syslogNgOtlp are enabled by default. See the individual sources for details. For sources not available as chart values, you can use the collector.config.raw option.
syslog.config.destinations The configurations of destinations that can be configured using chart values: file, syslog, opensearch, and syslogNgOtlp. The file, syslog, opensearch destinations are enabled by default. For destinations not available as chart values, you can use the collector.config.raw option.

Syslog source

You can use the syslog source to receive RFC3164 or RFC5424 formatted syslog messages on the following ports:

  • 1514: RFC3164-formatted traffic over TCP and UDP (NodePort 30514)
  • 1601: RFC5424-formatted traffic over TCP (NodePort 30601)
  • 6514: RFC5424-formatted traffic over TLS (NodePort 30614)

If needed, you can open additional ports using the service.extraPorts option.

Parameter Description Default
syslog.config.sources.syslog.enabled Enable receiving syslog messages. true
syslog.config.sources.syslog.max-connections Maximum number of parallel connections. 1000
syslog.config.sources.syslog.log-iw-size The initial window size used for flow-control. 100000
syslog.config.sources.syslog.tls.peerVerify Set to yes to request a certificate from the peers. In this case, you must also set the CA directory or the CA file. no
syslog.config.sources.syslog.tls.CAFile A file containing trusted CA certificates. For details, see TLS options. ""
syslog.config.sources.syslog.tls.CADir The directory for the trusted CA files. For details, see TLS options. ""
syslog.config.sources.syslog.tls.Cert The certificate file to show to the peer. For details, see TLS options. ""
syslog.config.sources.syslog.tls.Key The private key file for the certificate. For details, see TLS options. ""

syslogNgOtlp source

Initializes a syslog-ng-otlp() to receive messages from another AxoSyslog node that sends telemetry data using the syslog-ng-otlp() destination driver.

Parameter Description Default
syslog.config.sources.syslogNgOtlp.enabled Enable receiving syslog-ng-otlp() messages. true
syslog.config.sources.syslogNgOtlp.port The port where messages are received. 4317

File destination

To write the collected logs into files, configure the syslog.logFileStorage and the syslog.config.destinations.file options.

Parameter Description Default
syslog.config.destinations.file.enabled Enables the file destination. true
syslog.config.destinations.file.path The path and filename of the log files. Can include macros. For examples, see file: Store messages in plain-text files. "/var/log/syslog"
syslog.config.destinations.file.template The template used to format the log messages. Can include macros. ""
syslog.config.destinations.file.extraOptionsRaw Other options of the file() destination. If the directories used in syslog.destinations.file.path do not exist, set extraOptionsRaw: "create-dirs(yes)" "create-dirs(yes)"

For example:

syslog:
  enabled: true
  logFileStorage:
    enabled: true
    storageClass: standard
    size: 500Gi
  bufferStorage:
    enabled: false
    storageClass: standard
    size: 10Gi
  config:
    sources:
      syslog:
        enabled: true
    destinations:
      file:
        enabled: true
        path: "/var/log/$HOST/syslog"
        extraOptionsRaw: "create-dirs(yes)"

OpenSearch destination

Send logs to OpenSearch over HTTP or HTTPS.

Parameter Description Default
syslog.config.destinations.opensearch.enabled Enables the destination. true
syslog.config.destinations.opensearch.url The URL of the OpenSearch server. http://my-release-opensearch.default.svc.cluster.local:9200
syslog.config.destinations.opensearch.extraOptionsRaw Other options of the opensearch() destination. "time-reopen(10)"
syslog.config.destinations.opensearch.index Name of the OpenSearch index that stores the messages. "test-axoflow-index"
syslog.config.destinations.opensearch.user The username to use for authentication on the OpenSearch server, if not authenticating with a certificate. "admin"
syslog.config.destinations.opensearch.password The password to use for authentication on the OpenSearch server. "admin"
syslog.config.destinations.opensearch.template A template to format the messages. "$(format-json --scope rfc5424 --exclude DATE --key ISODATE @timestamp=${ISODATE})"
syslog.config.destinations.opensearch.tls.CAFile The CA certificate in PEM format to use when verifying the certificate of the server. ""
syslog.config.destinations.opensearch.tls.CADir A directory containing a set of trusted CA certificates in PEM format. The name of the files must be the 32-bit hash of the subject’s name. AxoSyslog verifies the certificate of the server using these CA certificates. ""
syslog.config.destinations.opensearch.tls.Cert Name of a file containing an X.509 certificate or a certificate chain in PEM format. AxoSyslog authenticates with this certificate on the server, with the private key set in the syslog.config.destinations.opensearch.tls.Key field. If the file contains a certificate chain, the file must begin with the certificate of the host, followed by the CA certificate that signed the certificate of the host, and any other signing CAs in order. ""
syslog.config.destinations.opensearch.tls.Key Name of a file containing an unencrypted private key in PEM format. AxoSyslog authenticates with this key and the certificate set in the syslog.config.destinations.opensearch.tls.Cert field. ""
syslog.config.destinations.opensearch.tls.peerVerify If true, AxoSyslog verifies the certificate of the server with the CA certificates set in syslog.config.destinations.opensearch.tls.CAFile and syslog.config.destinations.opensearch.tls.CADir. ""

For example:

syslog:
  enabled: true
  bufferStorage:
    enabled: true
    storageClass: standard
    size: 10Gi
  config:
    sources:
      syslog:
        enabled: true
    destinations:
      opensearch:
        enabled: true
        url: http://my-release-opensearch.default.svc.cluster.local:9200
        index: "test-axoflow-index"
        user: "admin"
        password: "admin"
        #tls:
        #  CAFile: "/path/to/CAFile.pem"
        #  CADir: "/path/to/CADir/"
        #  Cert: "/path/to/Cert.pem"
        #  Key: "/path/to/Key.pem"
        #  peerVerify: false
        extraOptionsRaw: "time-reopen(10)"

Syslog destination

Send logs over the network, conforming to RFC3164 using the network() destination driver.

Parameter Description Default
syslog.config.destinations.syslog.enabled Enables the destination. true
syslog.config.destinations.syslog.address The IP address of the destination host. ""
syslog.config.destinations.syslog.extraOptionsRaw Other options of the network() destination. "time-reopen(10)"
syslog.config.destinations.syslog.port The port number to send the messages to. 12345
syslog.config.destinations.syslog.template A template to format the messages. ""
syslog.config.destinations.syslog.transport The transport protocol to use. Possible values: tcp, udp tcp

For example:

syslog:
  enabled: true
  bufferStorage:
    enabled: true
    storageClass: standard
    size: 10Gi
  config:
    sources:
      syslog:
        enabled: true
    destinations:
      syslog:
        enabled: true
        transport: tcp
        address: 192.168.77.133
        port: 12345
        # convert incoming data to JSON
        #template: "$(format-json .*)\n"
        # use standard syslog logfile
        #template: "$ISODATE $HOST $MSGHDR$MSG\n"
        extraOptionsRaw: "time-reopen(10)"

syslogNgOtlp destination

Send data using the syslog-ng-otlp() destination driver to another AxoSyslog node.

Parameter Description Default
syslog.config.destinations.syslogNgOtlp.enabled Enables the destination. no
syslog.config.destinations.syslogNgOtlp.url The IP address of the destination host. ""
syslog.config.destinations.syslogNgOtlp.extraOptionsRaw Other options of the syslog-ng-otlp() destination. "time-reopen(1) batch-timeout(1000) batch-lines(1000)"

For example:

syslog:
  enabled: true
  bufferStorage:
    enabled: true
    storageClass: standard
    size: 10Gi
  config:
    sources:
      syslog:
        enabled: true
    destinations:
      syslogNgOtlp:
        enabled: true
        url: "192.168.77.133:4317"
        extraOptionsRaw: "time-reopen(1) batch-timeout(1000) batch-lines(1000)"

Generic chart parameters

Parameter Description Default
image.repository The container image repository ghcr.io/axoflow/axosyslog
image.pullPolicy The container image pull policy IfNotPresent
image.tag The container image tag 4.9.0
image.extraArgs Custom arguments applied as the value of spec.container.args []
imagePullSecrets The names of secrets containing private registry credentials []
nameOverride Override the chart name ""
fullnameOverride Override the full chart name ""
rbac.create Create RBAC resources true
rbac.extraRules Additional RBAC rules []
openShift.enabled Set to true when deploying on OpenShift false
openShift.securityContextConstraints.create Create SecurityContextConstraints on OpenShift true
openShift.securityContextConstraints.annotations Annotations to apply to SecurityContextConstraints {}
service.create Create a service so the syslog server can receive incoming connections. true
service.extraports Open additional ports for the syslog server []
serviceAccount.create Whether to create a service account true
serviceAccount.annotations Annotations to apply to the service account {}
namespace The Kubernetes namespace to deploy to ""
podAnnotations Additional annotations to apply to the pod {}
podSecurityContext Security context for the pod {}
securityContext Security context for the container {}
resources Resource requests and limits for the collector container. If not set, the values of collector.resources are used. {}
nodeSelector Node labels for pod assignment {}
tolerations Tolerations for pod assignment []
affinity Pod affinity {}
updateStrategy Update strategy for the Collector DaemonSet RollingUpdate
priorityClassName The name of the PriorityClass the pod belongs to ""
dnsConfig The DNS configuration of the pod {}
hostAliases Additional entries to the pod’s hosts file []
secretMounts Additional secrets to mount for the pod. If not set, the values of collector.secretMounts are used. []
extraVolumes Additional volumes to mount for the pod. If not set, the values of collector.extraVolumes are used. []
terminationGracePeriodSeconds How many seconds a pod with a failing probe has before shut down 30
Last modified April 30, 2024: Updates (6b05d69)