# Parameters of the AxoSyslog Helm chart
The following table lists the configurable parameters of the AxoSyslog collector chart and their default values. For details on installing the chart, see [Install AxoSyslog with Helm](../../../docs/axosyslog-core/install/helm/index.md).
## Collector parameters
When you deploy AxoSyslog as a collector (which is a DaemonSet), it collects and forwards local logs to a destination. You can use the following parameters to configure the collector. The parameters for specific destinations are shown in subsequent sections.
Parameter | Description | Default
---|---|---
collector.enabled | Deploy AxoSyslog as a collector to collect and forward local logs | `true`
collector.config.destinations | The configurations of destinations that can be configured using chart values: [syslog](../../../docs/axosyslog-core/install/helm/helm-chart-parameters/index.md#collector-syslog-destination), [opensearch](../../../docs/axosyslog-core/install/helm/helm-chart-parameters/index.md#collector-opensearch-destination), and [syslogNgOtlp](../../../docs/axosyslog-core/install/helm/helm-chart-parameters/index.md#collector-syslog-ng-otlp-destination). For destinations and options not available as chart values, you can use the `collector.config.raw` option. | `""`
collector.config.raw | A complete `syslog-ng` configuration. If this parameter is set, all other parameters in the `collector.config` section are ignored. You can use this to set parameters that are not available as chart values. For details on how to create a configuration for `syslog-ng`, see the [AxoSyslog Core documentation](). | `""`
collector.config.rewrites.set | A list of name-value pairs to set for the collected log messages. Uses the [`set` rewrite rule](../../../docs/axosyslog-core/chapter-manipulating-messages/modifying-messages/rewrite-set/index.md). | `{}`
collector.config.sources.kubernetes.enabled | Collect pod logs using the [`kubernetes()`](../../../docs/axosyslog-core/chapter-sources/configuring-sources-kubernetes/index.md) source. If disabled, the chart doesn’t configure any source. For the list of available sources, see the [Sources chapter](../../../docs/axosyslog-core/chapter-sources/index.md) | `true`
collector.config.sources.kubernetes.prefix | Set JSON prefix for logs collected from the Kubernetes cluster | `""`
collector.config.sources.kubernetes.keyDelimiter | Set JSON key delimiter for logs collected from the Kubernetes cluster | `""`
collector.stats.level | Specifies the level of statistics AxoSyslog collects about the processed messages. For details, see ([level()](../../../docs/axosyslog-core/chapter-global-options/reference-options/index.md#global-option-stats-level)). | `2`
The following example uses the `collector.config.raw` parameter to configure a custom destination:
```
collector:
config:
raw: |
@version: 4.25.0
@include "scl.conf"
log {
source {
syslog(port(12345));
};
destination {
logscale(
token("your-secret-humio-ingest-token")
);
};
flags(flow-control);
};
hostNetworking: true
```
### Syslog destination
Send logs over the network, conforming to RFC3164 using the [`network()`](../../../docs/axosyslog-core/chapter-destinations/configuring-destinations-network/index.md) destination driver.
Parameter | Description | Default
---|---|---
collector.config.destinations.syslog.enabled | Enables the destination. | `false`
collector.config.destinations.syslog.address | The IP address of the destination host. | `localhost`
collector.config.destinations.syslog.extraOptionsRaw | Other options of the [`network()` destination](../../../docs/axosyslog-core/chapter-destinations/configuring-destinations-network/index.md). | `"time-reopen(10)"`
collector.config.destinations.syslog.port | The port number to send the messages to. | `12345`
collector.config.destinations.syslog.template | A template to format the messages. | `"$(format-json .*)"`
collector.config.destinations.syslog.transport | The transport protocol to use. Possible values: `tcp`, `udp` | `tcp`
For example:
```
collector:
config:
destinations:
syslog:
enabled: true
transport: tcp
address: localhost
port: 12345
template: "$(format-json .*)"
```
### OpenSearch destination
Send logs to OpenSearch over HTTP or HTTPS.
Parameter | Description | Default
---|---|---
collector.config.destinations.opensearch.enabled | Enables the destination. | `false`
collector.config.destinations.opensearch.address | The URL of the OpenSearch server. | `http://my-release-opensearch.default.svc.cluster.local:9200`
collector.config.destinations.opensearch.index | Name of the OpenSearch index that stores the messages. | `"test-axoflow-index"`
collector.config.destinations.opensearch.user | The username to use for authentication on the OpenSearch server, if not authenticating with a certificate. | `"admin"`
collector.config.destinations.opensearch.password | The password to use for authentication on the OpenSearch server. | `"admin"`
collector.config.destinations.opensearch.template | A template to format the messages. | `"$(format-json .*)"`
collector.config.destinations.opensearch.tls.CADir | A directory containing a set of trusted CA certificates in PEM format. The name of the files must be the 32-bit hash of the subject’s name. AxoSyslog verifies the certificate of the server using these CA certificates. | `"/path/to/CADir/"`
collector.config.destinations.opensearch.tls.CAFile | The CA certificate in PEM format to use when verifying the certificate of the server. | `"/path/to/CAFile.pem"`
collector.config.destinations.opensearch.tls.Cert | Name of a file containing an X.509 certificate or a certificate chain in PEM format. AxoSyslog authenticates with this certificate on the server, with the private key set in the `collector.config.destinations.opensearch.tls.Key` field. If the file contains a certificate chain, the file must begin with the certificate of the host, followed by the CA certificate that signed the certificate of the host, and any other signing CAs in order. | `"/path/to/Cert.pem"`
collector.config.destinations.opensearch.tls.Key | Name of a file containing an unencrypted private key in PEM format. AxoSyslog authenticates with this key and the certificate set in the `collector.config.destinations.opensearch.tls.Cert` field. | `"/path/to/Key.pem"`
collector.config.destinations.opensearch.tls.peerVerify | If true, AxoSyslog verifies the certificate of the server with the CA certificates set in `collector.config.destinations.opensearch.tls.CAFile` and `collector.config.destinations.opensearch.tls.CADir`. | `false`
For example:
```
collector:
config:
destinations:
opensearch:
- address: 10.104.232.94
index: "test-axoflow-index"
tls:
CAFile: "/path/to/CAFile.pem"
CADir: "/path/to/CADir/"
Cert: "/path/to/Cert.pem"
Key: "/path/to/Key.pem"
peerVerify: true
template: "$(format-json .*)"
```
### syslogNgOtlp destination
Send logs over to another AxoSyslog node using the [`syslog-ng-otlp()`](../../../docs/axosyslog-core/chapter-destinations/destination-syslog-ng-otlp/index.md) destination driver.
Parameter | Description | Default
---|---|---
collector.config.destinations.syslogNgOtlp.enabled | Enables the destination. | `false`
collector.config.destinations.syslogNgOtlp.url | The IP address and port of the destination host. | `"192.168.77.133:4317"`
collector.config.destinations.syslogNgOtlp.extraOptionsRaw | Other options of the [`syslog-ng-otlp()` destinations](../../../docs/axosyslog-core/chapter-destinations/destination-syslog-ng-otlp/index.md). | “time-reopen(1) batch-timeout(1000) batch-lines(1000)”
### Other collector parameters
Parameter | Description | Default
---|---|---
collector.affinity | Pod affinity | `{}`
collector.annotations | Additional annotations to apply to the DaemonSet | `{}`
collector.extraVolumes | Additional volumes to mount | `[]`
collector.hostAliases | Add host aliases | `[]`
collector.hostNetworking | Whether to enable host networking | `false`
collector.labels | Additional labels to apply to the DaemonSet | `{}`
collector.maxUnavailable | The maximum number of unavailable pods during a rolling update | `1`
collector.nodeSelector | Node labels for pod assignment | `{}`
collector.resources | Resource requests and limits | `{}`
collector.tolerations | Tolerations for pod assignment | `[]`
collector.secretMounts | Mount additional secrets as volumes | `[]`
collector.securityContext | Security context for the pod | `{}`
## Syslog server parameters
When you deploy AxoSyslog as a server (which is a StatefulSet), it receives incoming data from the network and routes it to a local or remote destination. collects and forwards local logs to a destination. You can use the following parameters to configure the syslog server. The parameters for specific destinations are shown in subsequent sections.
Parameter | Description | Default
---|---|---
syslog.enabled | Deploy AxoSyslog as a collector to collect and forward local logs | `true`
syslog.bufferStorage.enabled | Configures a storage using PersistentVolumes to use as disk-buffer. | `false`
syslog.bufferStorage.storageClass | The class of the storage to use, for example, `standard`. | `standard`
syslog.bufferStorage.size | The maximum size of the storage to use as disk-buffer, for example, `10Gi`. | `10Gi`
syslog.logFileStorage.enabled | Configures a storage using PersistentVolumes to store the log files. | `false`
syslog.logFileStorage.storageClass | The class of the storage to use, for example, `standard`. | `standard`
syslog.logFileStorage.size | The maximum size of the storage to use as for log storage, for example, `10Gi`. | `500Gi`
syslog.config.raw | A complete `syslog-ng` configuration. If this parameter is set, all other parameters in the `syslog.config` section are ignored. You can use this to set parameters that are not available as chart values. For details on how to create a configuration for `syslog-ng`, see the [AxoSyslog Core documentation](). | `""`
syslog.config.stats.level | Specifies the detail of statistics AxoSyslog collects about the processed messages. For details, see [level()](../../../docs/axosyslog-core/chapter-global-options/reference-options/index.md#global-option-stats-level). | `2`
syslog.config.rewrites.set | A list of name-value pairs to set for the collected log messages. Uses the [`set` rewrite rule](../../../docs/axosyslog-core/chapter-manipulating-messages/modifying-messages/rewrite-set/index.md). | `{}`
syslog.config.sources | The configurations of the sources that can be configured using chart values: [syslog](../../../docs/axosyslog-core/install/helm/helm-chart-parameters/index.md#syslog-syslog-source) and [syslogNgOtlp](../../../docs/axosyslog-core/install/helm/helm-chart-parameters/index.md#syslog-syslog-ng-otlp-source). | [syslog](../../../docs/axosyslog-core/install/helm/helm-chart-parameters/index.md#syslog-syslog-source) and [syslogNgOtlp](../../../docs/axosyslog-core/install/helm/helm-chart-parameters/index.md#syslog-syslog-ng-otlp-source) are enabled by default. See the individual sources for details. For sources not available as chart values, you can use the `collector.config.raw` option.
syslog.config.destinations | The configurations of destinations that can be configured using chart values: [file](../../../docs/axosyslog-core/install/helm/helm-chart-parameters/index.md#syslog-file-destination), [syslog](../../../docs/axosyslog-core/install/helm/helm-chart-parameters/index.md#syslog-syslog-destination), [opensearch](../../../docs/axosyslog-core/install/helm/helm-chart-parameters/index.md#syslog-opensearch-destination), and [syslogNgOtlp](../../../docs/axosyslog-core/install/helm/helm-chart-parameters/index.md#syslog-syslog-ng-otlp-destination). | The [file](../../../docs/axosyslog-core/install/helm/helm-chart-parameters/index.md#syslog-file-destination), [syslog](../../../docs/axosyslog-core/install/helm/helm-chart-parameters/index.md#syslog-syslog-destination), [opensearch](../../../docs/axosyslog-core/install/helm/helm-chart-parameters/index.md#syslog-opensearch-destination) destinations are enabled by default. For destinations not available as chart values, you can use the `collector.config.raw` option.
### Syslog source
You can use the syslog source to receive RFC3164 or RFC5424 formatted syslog messages on the following ports:
* 1514: RFC3164-formatted traffic over TCP and UDP (NodePort 30514)
* 1601: RFC5424-formatted traffic over TCP (NodePort 30601)
* 6514: RFC5424-formatted traffic over TLS (NodePort 30614)
If needed, you can open additional ports using the [`service.extraPorts`](../../../docs/axosyslog-core/install/helm/helm-chart-parameters/index.md#generic-chart-parameters) option.
Parameter | Description | Default
---|---|---
syslog.config.sources.syslog.enabled | Enable receiving syslog messages. | `true`
syslog.config.sources.syslog.max-connections | Maximum number of parallel connections. | `1000`
syslog.config.sources.syslog.log-iw-size | The initial window size used for [flow-control](../../../docs/axosyslog-core/chapter-routing-filters/concepts-flow-control/index.md). | `100000`
syslog.config.sources.syslog.tls.peerVerify | Set to `yes` to request a certificate from the peers. In this case, you must also set the CA directory or the CA file. | `no`
syslog.config.sources.syslog.tls.CAFile | A file containing trusted CA certificates. For details, see [TLS options](../../../docs/axosyslog-core/chapter-encrypted-transport-tls/tlsoptions/index.md#ca-file). | `""`
syslog.config.sources.syslog.tls.CADir | The directory for the trusted CA files. For details, see [TLS options](../../../docs/axosyslog-core/chapter-encrypted-transport-tls/tlsoptions/index.md#ca-dir). | `""`
syslog.config.sources.syslog.tls.Cert | The certificate file to show to the peer. For details, see [TLS options](../../../docs/axosyslog-core/chapter-encrypted-transport-tls/tlsoptions/index.md#cert-file). | `""`
syslog.config.sources.syslog.tls.Key | The private key file for the certificate. For details, see [TLS options](../../../docs/axosyslog-core/chapter-encrypted-transport-tls/tlsoptions/index.md#key-file). | `""`
### syslogNgOtlp source
Initializes a [`syslog-ng-otlp()`](../../../docs/axosyslog-core/chapter-sources/source-syslog-ng-otlp/index.md) to receive messages from another AxoSyslog node that sends telemetry data using the [`syslog-ng-otlp()`](../../../docs/axosyslog-core/chapter-destinations/destination-syslog-ng-otlp/index.md) destination driver.
Parameter | Description | Default
---|---|---
syslog.config.sources.syslogNgOtlp.enabled | Enable receiving `syslog-ng-otlp()` messages. | `true`
syslog.config.sources.syslogNgOtlp.port | The port where messages are received. | `4317`
### File destination
To write the collected logs into files, configure the [`syslog.logFileStorage`](../../../docs/axosyslog-core/install/helm/helm-chart-parameters/index.md#syslog-server) and the `syslog.config.destinations.file` options.
Parameter | Description | Default
---|---|---
syslog.config.destinations.file.enabled | Enables the file destination. | `true`
syslog.config.destinations.file.path | The path and filename of the log files. Can include macros. For examples, see [file: Store messages in plain-text files](../../../docs/axosyslog-core/chapter-destinations/configuring-destinations-file/index.md). | `"/var/log/syslog"`
syslog.config.destinations.file.template | The [template](../../../docs/axosyslog-core/chapter-destinations/configuring-destinations-file/reference-destination-file/index.md#template) used to format the log messages. Can include macros. | `""`
syslog.config.destinations.file.extraOptionsRaw | Other options of the [`file()` destination](../../../docs/axosyslog-core/chapter-destinations/configuring-destinations-file/index.md). If the directories used in `syslog.destinations.file.path` do not exist, set `extraOptionsRaw: "create-dirs(yes)"` | `"create-dirs(yes)"`
For example:
```
syslog:
enabled: true
logFileStorage:
enabled: true
storageClass: standard
size: 500Gi
bufferStorage:
enabled: false
storageClass: standard
size: 10Gi
config:
sources:
syslog:
enabled: true
destinations:
file:
enabled: true
path: "/var/log/$HOST/syslog"
extraOptionsRaw: "create-dirs(yes)"
```
### OpenSearch destination
Send logs to [OpenSearch](../../../docs/axosyslog-core/chapter-destinations/destination-opensearch/index.md) over HTTP or HTTPS.
Parameter | Description | Default
---|---|---
syslog.config.destinations.opensearch.enabled | Enables the destination. | `true`
syslog.config.destinations.opensearch.url | The URL of the OpenSearch server. | `http://my-release-opensearch.default.svc.cluster.local:9200`
syslog.config.destinations.opensearch.extraOptionsRaw | Other options of the [`opensearch()` destination](../../../docs/axosyslog-core/chapter-destinations/destination-opensearch/index.md). | `"time-reopen(10)"`
syslog.config.destinations.opensearch.index | Name of the OpenSearch index that stores the messages. | `"test-axoflow-index"`
syslog.config.destinations.opensearch.user | The username to use for authentication on the OpenSearch server, if not authenticating with a certificate. | `"admin"`
syslog.config.destinations.opensearch.password | The password to use for authentication on the OpenSearch server. | `"admin"`
syslog.config.destinations.opensearch.template | A template to format the messages. | `"$(format-json --scope rfc5424 --exclude DATE --key ISODATE @timestamp=${ISODATE})"`
syslog.config.destinations.opensearch.tls.CAFile | The CA certificate in PEM format to use when verifying the certificate of the server. | `""`
syslog.config.destinations.opensearch.tls.CADir | A directory containing a set of trusted CA certificates in PEM format. The name of the files must be the 32-bit hash of the subject’s name. AxoSyslog verifies the certificate of the server using these CA certificates. | `""`
syslog.config.destinations.opensearch.tls.Cert | Name of a file containing an X.509 certificate or a certificate chain in PEM format. AxoSyslog authenticates with this certificate on the server, with the private key set in the `syslog.config.destinations.opensearch.tls.Key` field. If the file contains a certificate chain, the file must begin with the certificate of the host, followed by the CA certificate that signed the certificate of the host, and any other signing CAs in order. | `""`
syslog.config.destinations.opensearch.tls.Key | Name of a file containing an unencrypted private key in PEM format. AxoSyslog authenticates with this key and the certificate set in the `syslog.config.destinations.opensearch.tls.Cert` field. | `""`
syslog.config.destinations.opensearch.tls.peerVerify | If true, AxoSyslog verifies the certificate of the server with the CA certificates set in `syslog.config.destinations.opensearch.tls.CAFile` and `syslog.config.destinations.opensearch.tls.CADir`. | `""`
For example:
```
syslog:
enabled: true
bufferStorage:
enabled: true
storageClass: standard
size: 10Gi
config:
sources:
syslog:
enabled: true
destinations:
opensearch:
enabled: true
url: http://my-release-opensearch.default.svc.cluster.local:9200
index: "test-axoflow-index"
user: "admin"
password: "admin"
#tls:
# CAFile: "/path/to/CAFile.pem"
# CADir: "/path/to/CADir/"
# Cert: "/path/to/Cert.pem"
# Key: "/path/to/Key.pem"
# peerVerify: false
extraOptionsRaw: "time-reopen(10)"
```
### Syslog destination
Send logs over the network, conforming to RFC3164 using the [`network()`](../../../docs/axosyslog-core/chapter-destinations/configuring-destinations-network/index.md) destination driver.
Parameter | Description | Default
---|---|---
syslog.config.destinations.syslog.enabled | Enables the destination. | `true`
syslog.config.destinations.syslog.address | The IP address of the destination host. | `""`
syslog.config.destinations.syslog.extraOptionsRaw | Other options of the [`network()` destination](../../../docs/axosyslog-core/chapter-destinations/configuring-destinations-network/index.md). | `"time-reopen(10)"`
syslog.config.destinations.syslog.port | The port number to send the messages to. | `12345`
syslog.config.destinations.syslog.template | A template to format the messages. | `""`
syslog.config.destinations.syslog.transport | The transport protocol to use. Possible values: `tcp`, `udp` | `tcp`
For example:
```
syslog:
enabled: true
bufferStorage:
enabled: true
storageClass: standard
size: 10Gi
config:
sources:
syslog:
enabled: true
destinations:
syslog:
enabled: true
transport: tcp
address: 192.168.77.133
port: 12345
# convert incoming data to JSON
#template: "$(format-json .*)\n"
# use standard syslog logfile
#template: "$ISODATE $HOST $MSGHDR$MSG\n"
extraOptionsRaw: "time-reopen(10)"
```
### syslogNgOtlp destination
Send data using the [`syslog-ng-otlp()`](../../../docs/axosyslog-core/chapter-destinations/destination-syslog-ng-otlp/index.md) destination driver to another AxoSyslog node.
Parameter | Description | Default
---|---|---
syslog.config.destinations.syslogNgOtlp.enabled | Enables the destination. | `no`
syslog.config.destinations.syslogNgOtlp.url | The IP address of the destination host. | `""`
syslog.config.destinations.syslogNgOtlp.extraOptionsRaw | Other options of the [`syslog-ng-otlp()` destination](../../../docs/axosyslog-core/chapter-destinations/destination-syslog-ng-otlp/index.md). | `"time-reopen(1) batch-timeout(1000) batch-lines(1000)"`
For example:
```
syslog:
enabled: true
bufferStorage:
enabled: true
storageClass: standard
size: 10Gi
config:
sources:
syslog:
enabled: true
destinations:
syslogNgOtlp:
enabled: true
url: "192.168.77.133:4317"
extraOptionsRaw: "time-reopen(1) batch-timeout(1000) batch-lines(1000)"
```
## Generic chart parameters
Parameter | Description | Default
---|---|---
image.repository | The container image repository | `ghcr.io/axoflow/axosyslog`
image.pullPolicy | The container image pull policy | `IfNotPresent`
image.tag | The container image tag | `4.25.0`
image.extraArgs | Custom arguments applied as the value of spec.container.args | `[]`
imagePullSecrets | The names of secrets containing private registry credentials | `[]`
nameOverride | Override the chart name | `""`
fullnameOverride | Override the full chart name | `""`
rbac.create | Create RBAC resources | `true`
rbac.extraRules | Additional RBAC rules | `[]`
openShift.enabled | Set to `true` when deploying on OpenShift | `false`
openShift.securityContextConstraints.create | Create SecurityContextConstraints on OpenShift | `true`
openShift.securityContextConstraints.annotations | Annotations to apply to SecurityContextConstraints | `{}`
service.create | Create a service so the [syslog server](../../../%7B#syslog-server%7D) can receive incoming connections. | `true`
service.extraports | Open additional ports for the [syslog server](../../../%7B#syslog-server%7D) | `[]`
serviceAccount.create | Whether to create a service account | `true`
serviceAccount.annotations | Annotations to apply to the service account | `{}`
namespace | The Kubernetes namespace to deploy to | `""`
podAnnotations | Additional annotations to apply to the pod | `{}`
podSecurityContext | Security context for the pod | `{}`
securityContext | Security context for the container | `{}`
resources | Resource requests and limits for the collector container. If not set, the values of `collector.resources` are used. | {}
nodeSelector | Node labels for pod assignment | `{}`
tolerations | Tolerations for pod assignment | `[]`
affinity | Pod affinity | `{}`
updateStrategy | Update strategy for the Collector DaemonSet | `RollingUpdate`
priorityClassName | The name of the [PriorityClass]() the pod belongs to | `""`
dnsConfig | The [DNS configuration of the pod]() | `{}`
hostAliases | Additional [entries to the pod’s hosts file]() | `[]`
secretMounts | Additional secrets to mount for the pod. If not set, the values of `collector.secretMounts` are used. | `[]`
extraVolumes | Additional volumes to mount for the pod. If not set, the values of `collector.extraVolumes` are used. | `[]`
terminationGracePeriodSeconds | How many seconds a [pod with a failing probe]() has before shut down | `30`
Last modified April 30, 2024: [Updates (6b05d69b)]()