Parameters of the AxoSyslog Helm chart
The following table lists the configurable parameters of the AxoSyslog collector chart and their default values. For details on installing the chart, see Install AxoSyslog with Helm.
Collector parameters
When you deploy AxoSyslog as a collector (which is a DaemonSet), it collects and forwards local logs to a destination. You can use the following parameters to configure the collector. The parameters for specific destinations are shown in subsequent sections.
Parameter | Description | Default |
---|---|---|
collector.enabled | Deploy AxoSyslog as a collector to collect and forward local logs | true |
collector.config.destinations | The configurations of destinations that can be configured using chart values: syslog, opensearch, and syslogNgOtlp. For destinations and options not available as chart values, you can use the collector.config.raw option. | "" |
collector.config.raw | A complete syslog-ng configuration. If this parameter is set, all other parameters in the collector.config section are ignored. You can use this to set parameters that are not available as chart values. For details on how to create a configuration for syslog-ng , see the AxoSyslog Core documentation. | "" |
collector.config.rewrites.set | A list of name-value pairs to set for the collected log messages. Uses the set rewrite rule. | {} |
collector.config.sources.kubernetes.enabled | Collect pod logs using the kubernetes() source. If disabled, the chart doesn’t configure any source. For the list of available sources, see the Sources chapter | true |
collector.config.sources.kubernetes.prefix | Set JSON prefix for logs collected from the Kubernetes cluster | "" |
collector.config.sources.kubernetes.keyDelimiter | Set JSON key delimiter for logs collected from the Kubernetes cluster | "" |
collector.stats.level | Specifies the level of statistics AxoSyslog collects about the processed messages. For details, see (level()). | 2 |
The following example uses the collector.config.raw
parameter to configure a custom destination:
collector:
config:
raw: |
@version: 4.8.0
@include "scl.conf"
log {
source {
syslog(port(12345));
};
destination {
logscale(
token("your-secret-humio-ingest-token")
);
};
flags(flow-control);
};
hostNetworking: true
Syslog destination
Send logs over the network, conforming to RFC3164 using the network()
destination driver.
Parameter | Description | Default |
---|---|---|
collector.config.destinations.syslog.enabled | Enables the destination. | false |
collector.config.destinations.syslog.address | The IP address of the destination host. | localhost |
collector.config.destinations.syslog.extraOptionsRaw | Other options of the network() destination. | "time-reopen(10)" |
collector.config.destinations.syslog.port | The port number to send the messages to. | 12345 |
collector.config.destinations.syslog.template | A template to format the messages. | "$(format-json .*)" |
collector.config.destinations.syslog.transport | The transport protocol to use. Possible values: tcp , udp | tcp |
For example:
collector:
config:
destinations:
syslog:
enabled: true
transport: tcp
address: localhost
port: 12345
template: "$(format-json .*)"
OpenSearch destination
Send logs to OpenSearch over HTTP or HTTPS.
Parameter | Description | Default |
---|---|---|
collector.config.destinations.opensearch.enabled | Enables the destination. | false |
collector.config.destinations.opensearch.address | The URL of the OpenSearch server. | http://my-release-opensearch.default.svc.cluster.local:9200 |
collector.config.destinations.opensearch.index | Name of the OpenSearch index that stores the messages. | "test-axoflow-index" |
collector.config.destinations.opensearch.user | The username to use for authentication on the OpenSearch server, if not authenticating with a certificate. | "admin" |
collector.config.destinations.opensearch.password | The password to use for authentication on the OpenSearch server. | "admin" |
collector.config.destinations.opensearch.template | A template to format the messages. | "$(format-json .*)" |
collector.config.destinations.opensearch.tls.CADir | A directory containing a set of trusted CA certificates in PEM format. The name of the files must be the 32-bit hash of the subject’s name. AxoSyslog verifies the certificate of the server using these CA certificates. | "/path/to/CADir/" |
collector.config.destinations.opensearch.tls.CAFile | The CA certificate in PEM format to use when verifying the certificate of the server. | "/path/to/CAFile.pem" |
collector.config.destinations.opensearch.tls.Cert | Name of a file containing an X.509 certificate or a certificate chain in PEM format. AxoSyslog authenticates with this certificate on the server, with the private key set in the collector.config.destinations.opensearch.tls.Key field. If the file contains a certificate chain, the file must begin with the certificate of the host, followed by the CA certificate that signed the certificate of the host, and any other signing CAs in order. | "/path/to/Cert.pem" |
collector.config.destinations.opensearch.tls.Key | Name of a file containing an unencrypted private key in PEM format. AxoSyslog authenticates with this key and the certificate set in the collector.config.destinations.opensearch.tls.Cert field. | "/path/to/Key.pem" |
collector.config.destinations.opensearch.tls.peerVerify | If true, AxoSyslog verifies the certificate of the server with the CA certificates set in collector.config.destinations.opensearch.tls.CAFile and collector.config.destinations.opensearch.tls.CADir . | false |
For example:
collector:
config:
destinations:
opensearch:
- address: 10.104.232.94
index: "test-axoflow-index"
tls:
CAFile: "/path/to/CAFile.pem"
CADir: "/path/to/CADir/"
Cert: "/path/to/Cert.pem"
Key: "/path/to/Key.pem"
peerVerify: true
template: "$(format-json .*)"
syslogNgOtlp destination
Send logs over to another AxoSyslog node using the syslog-ng-otlp()
destination driver.
Parameter | Description | Default |
---|---|---|
collector.config.destinations.syslogNgOtlp.enabled | Enables the destination. | false |
collector.config.destinations.syslogNgOtlp.url | The IP address and port of the destination host. | "192.168.77.133:4317" |
collector.config.destinations.syslogNgOtlp.extraOptionsRaw | Other options of the syslog-ng-otlp() destinations. | “time-reopen(1) batch-timeout(1000) batch-lines(1000)” |
Other collector parameters
Parameter | Description | Default |
---|---|---|
collector.affinity | Pod affinity | {} |
collector.annotations | Additional annotations to apply to the DaemonSet | {} |
collector.extraVolumes | Additional volumes to mount | [] |
collector.hostAliases | Add host aliases | [] |
collector.hostNetworking | Whether to enable host networking | false |
collector.labels | Additional labels to apply to the DaemonSet | {} |
collector.maxUnavailable | The maximum number of unavailable pods during a rolling update | 1 |
collector.nodeSelector | Node labels for pod assignment | {} |
collector.resources | Resource requests and limits | {} |
collector.tolerations | Tolerations for pod assignment | [] |
collector.secretMounts | Mount additional secrets as volumes | [] |
collector.securityContext | Security context for the pod | {} |
Syslog server parameters
When you deploy AxoSyslog as a server (which is a StatefulSet), it receives incoming data from the network and routes it to a local or remote destination. collects and forwards local logs to a destination. You can use the following parameters to configure the syslog server. The parameters for specific destinations are shown in subsequent sections.
Parameter | Description | Default |
---|---|---|
syslog.enabled | Deploy AxoSyslog as a collector to collect and forward local logs | true |
syslog.bufferStorage.enabled | Configures a storage using PersistentVolumes to use as disk-buffer. | false |
syslog.bufferStorage.storageClass | The class of the storage to use, for example, standard . | standard |
syslog.bufferStorage.size | The maximum size of the storage to use as disk-buffer, for example, 10Gi . | 10Gi |
syslog.logFileStorage.enabled | Configures a storage using PersistentVolumes to store the log files. | false |
syslog.logFileStorage.storageClass | The class of the storage to use, for example, standard . | standard |
syslog.logFileStorage.size | The maximum size of the storage to use as for log storage, for example, 10Gi . | 500Gi |
syslog.config.raw | A complete syslog-ng configuration. If this parameter is set, all other parameters in the syslog.config section are ignored. You can use this to set parameters that are not available as chart values. For details on how to create a configuration for syslog-ng , see the AxoSyslog Core documentation. | "" |
syslog.config.stats.level | Specifies the detail of statistics AxoSyslog collects about the processed messages. For details, see level(). | 2 |
syslog.config.rewrites.set | A list of name-value pairs to set for the collected log messages. Uses the set rewrite rule. | {} |
syslog.config.sources | The configurations of the sources that can be configured using chart values: syslog and syslogNgOtlp. | syslog and syslogNgOtlp are enabled by default. See the individual sources for details. For sources not available as chart values, you can use the collector.config.raw option. |
syslog.config.destinations | The configurations of destinations that can be configured using chart values: file, syslog, opensearch, and syslogNgOtlp. | The file, syslog, opensearch destinations are enabled by default. For destinations not available as chart values, you can use the collector.config.raw option. |
Syslog source
You can use the syslog source to receive RFC3164 or RFC5424 formatted syslog messages on the following ports:
- 1514: RFC3164-formatted traffic over TCP and UDP (NodePort 30514)
- 1601: RFC5424-formatted traffic over TCP (NodePort 30601)
- 6514: RFC5424-formatted traffic over TLS (NodePort 30614)
If needed, you can open additional ports using the service.extraPorts
option.
Parameter | Description | Default |
---|---|---|
syslog.config.sources.syslog.enabled | Enable receiving syslog messages. | true |
syslog.config.sources.syslog.max-connections | Maximum number of parallel connections. | 1000 |
syslog.config.sources.syslog.log-iw-size | The initial window size used for flow-control. | 100000 |
syslog.config.sources.syslog.tls.peerVerify | Set to yes to request a certificate from the peers. In this case, you must also set the CA directory or the CA file. | no |
syslog.config.sources.syslog.tls.CAFile | A file containing trusted CA certificates. For details, see TLS options. | "" |
syslog.config.sources.syslog.tls.CADir | The directory for the trusted CA files. For details, see TLS options. | "" |
syslog.config.sources.syslog.tls.Cert | The certificate file to show to the peer. For details, see TLS options. | "" |
syslog.config.sources.syslog.tls.Key | The private key file for the certificate. For details, see TLS options. | "" |
syslogNgOtlp source
Initializes a syslog-ng-otlp()
to receive messages from another AxoSyslog node that sends telemetry data using the syslog-ng-otlp()
destination driver.
Parameter | Description | Default |
---|---|---|
syslog.config.sources.syslogNgOtlp.enabled | Enable receiving syslog-ng-otlp() messages. | true |
syslog.config.sources.syslogNgOtlp.port | The port where messages are received. | 4317 |
File destination
To write the collected logs into files, configure the syslog.logFileStorage
and the syslog.config.destinations.file
options.
Parameter | Description | Default |
---|---|---|
syslog.config.destinations.file.enabled | Enables the file destination. | true |
syslog.config.destinations.file.path | The path and filename of the log files. Can include macros. For examples, see file: Store messages in plain-text files. | "/var/log/syslog" |
syslog.config.destinations.file.template | The template used to format the log messages. Can include macros. | "" |
syslog.config.destinations.file.extraOptionsRaw | Other options of the file() destination. If the directories used in syslog.destinations.file.path do not exist, set extraOptionsRaw: "create-dirs(yes)" | "create-dirs(yes)" |
For example:
syslog:
enabled: true
logFileStorage:
enabled: true
storageClass: standard
size: 500Gi
bufferStorage:
enabled: false
storageClass: standard
size: 10Gi
config:
sources:
syslog:
enabled: true
destinations:
file:
enabled: true
path: "/var/log/$HOST/syslog"
extraOptionsRaw: "create-dirs(yes)"
OpenSearch destination
Send logs to OpenSearch over HTTP or HTTPS.
Parameter | Description | Default |
---|---|---|
syslog.config.destinations.opensearch.enabled | Enables the destination. | true |
syslog.config.destinations.opensearch.url | The URL of the OpenSearch server. | http://my-release-opensearch.default.svc.cluster.local:9200 |
syslog.config.destinations.opensearch.extraOptionsRaw | Other options of the opensearch() destination. | "time-reopen(10)" |
syslog.config.destinations.opensearch.index | Name of the OpenSearch index that stores the messages. | "test-axoflow-index" |
syslog.config.destinations.opensearch.user | The username to use for authentication on the OpenSearch server, if not authenticating with a certificate. | "admin" |
syslog.config.destinations.opensearch.password | The password to use for authentication on the OpenSearch server. | "admin" |
syslog.config.destinations.opensearch.template | A template to format the messages. | "$(format-json --scope rfc5424 --exclude DATE --key ISODATE @timestamp=${ISODATE})" |
syslog.config.destinations.opensearch.tls.CAFile | The CA certificate in PEM format to use when verifying the certificate of the server. | "" |
syslog.config.destinations.opensearch.tls.CADir | A directory containing a set of trusted CA certificates in PEM format. The name of the files must be the 32-bit hash of the subject’s name. AxoSyslog verifies the certificate of the server using these CA certificates. | "" |
syslog.config.destinations.opensearch.tls.Cert | Name of a file containing an X.509 certificate or a certificate chain in PEM format. AxoSyslog authenticates with this certificate on the server, with the private key set in the syslog.config.destinations.opensearch.tls.Key field. If the file contains a certificate chain, the file must begin with the certificate of the host, followed by the CA certificate that signed the certificate of the host, and any other signing CAs in order. | "" |
syslog.config.destinations.opensearch.tls.Key | Name of a file containing an unencrypted private key in PEM format. AxoSyslog authenticates with this key and the certificate set in the syslog.config.destinations.opensearch.tls.Cert field. | "" |
syslog.config.destinations.opensearch.tls.peerVerify | If true, AxoSyslog verifies the certificate of the server with the CA certificates set in syslog.config.destinations.opensearch.tls.CAFile and syslog.config.destinations.opensearch.tls.CADir . | "" |
For example:
syslog:
enabled: true
bufferStorage:
enabled: true
storageClass: standard
size: 10Gi
config:
sources:
syslog:
enabled: true
destinations:
opensearch:
enabled: true
url: http://my-release-opensearch.default.svc.cluster.local:9200
index: "test-axoflow-index"
user: "admin"
password: "admin"
#tls:
# CAFile: "/path/to/CAFile.pem"
# CADir: "/path/to/CADir/"
# Cert: "/path/to/Cert.pem"
# Key: "/path/to/Key.pem"
# peerVerify: false
extraOptionsRaw: "time-reopen(10)"
Syslog destination
Send logs over the network, conforming to RFC3164 using the network()
destination driver.
Parameter | Description | Default |
---|---|---|
syslog.config.destinations.syslog.enabled | Enables the destination. | true |
syslog.config.destinations.syslog.address | The IP address of the destination host. | "" |
syslog.config.destinations.syslog.extraOptionsRaw | Other options of the network() destination. | "time-reopen(10)" |
syslog.config.destinations.syslog.port | The port number to send the messages to. | 12345 |
syslog.config.destinations.syslog.template | A template to format the messages. | "" |
syslog.config.destinations.syslog.transport | The transport protocol to use. Possible values: tcp , udp | tcp |
For example:
syslog:
enabled: true
bufferStorage:
enabled: true
storageClass: standard
size: 10Gi
config:
sources:
syslog:
enabled: true
destinations:
syslog:
enabled: true
transport: tcp
address: 192.168.77.133
port: 12345
# convert incoming data to JSON
#template: "$(format-json .*)\n"
# use standard syslog logfile
#template: "$ISODATE $HOST $MSGHDR$MSG\n"
extraOptionsRaw: "time-reopen(10)"
syslogNgOtlp destination
Send data using the syslog-ng-otlp()
destination driver to another AxoSyslog node.
Parameter | Description | Default |
---|---|---|
syslog.config.destinations.syslogNgOtlp.enabled | Enables the destination. | no |
syslog.config.destinations.syslogNgOtlp.url | The IP address of the destination host. | "" |
syslog.config.destinations.syslogNgOtlp.extraOptionsRaw | Other options of the syslog-ng-otlp() destination. | "time-reopen(1) batch-timeout(1000) batch-lines(1000)" |
For example:
syslog:
enabled: true
bufferStorage:
enabled: true
storageClass: standard
size: 10Gi
config:
sources:
syslog:
enabled: true
destinations:
syslogNgOtlp:
enabled: true
url: "192.168.77.133:4317"
extraOptionsRaw: "time-reopen(1) batch-timeout(1000) batch-lines(1000)"
Generic chart parameters
Parameter | Description | Default |
---|---|---|
image.repository | The container image repository | ghcr.io/axoflow/axosyslog |
image.pullPolicy | The container image pull policy | IfNotPresent |
image.tag | The container image tag | 4.8.0 |
image.extraArgs | Custom arguments applied as the value of spec.container.args | [] |
imagePullSecrets | The names of secrets containing private registry credentials | [] |
nameOverride | Override the chart name | "" |
fullnameOverride | Override the full chart name | "" |
rbac.create | Create RBAC resources | true |
rbac.extraRules | Additional RBAC rules | [] |
openShift.enabled | Set to true when deploying on OpenShift | false |
openShift.securityContextConstraints.create | Create SecurityContextConstraints on OpenShift | true |
openShift.securityContextConstraints.annotations | Annotations to apply to SecurityContextConstraints | {} |
service.create | Create a service so the syslog server can receive incoming connections. | true |
service.extraports | Open additional ports for the syslog server | [] |
serviceAccount.create | Whether to create a service account | true |
serviceAccount.annotations | Annotations to apply to the service account | {} |
namespace | The Kubernetes namespace to deploy to | "" |
podAnnotations | Additional annotations to apply to the pod | {} |
podSecurityContext | Security context for the pod | {} |
securityContext | Security context for the container | {} |
resources | Resource requests and limits for the collector container. If not set, the values of collector.resources are used. | {} |
nodeSelector | Node labels for pod assignment | {} |
tolerations | Tolerations for pod assignment | [] |
affinity | Pod affinity | {} |
updateStrategy | Update strategy for the Collector DaemonSet | RollingUpdate |
priorityClassName | The name of the PriorityClass the pod belongs to | "" |
dnsConfig | The DNS configuration of the pod | {} |
hostAliases | Additional entries to the pod’s hosts file | [] |
secretMounts | Additional secrets to mount for the pod. If not set, the values of collector.secretMounts are used. | [] |
extraVolumes | Additional volumes to mount for the pod. If not set, the values of collector.extraVolumes are used. | [] |
terminationGracePeriodSeconds | How many seconds a pod with a failing probe has before shut down | 30 |