rsyslog

The rocket-fast system for log processing pipelines

rsyslog

The rocket-fast system for log processing pipelines

The rocket-fast system for log processing pipelines

rsyslog helps you collect, transform, and route event data reliably at scale. Built for speed, flexibility, and control in modern Linux and container environments.

Download
Professional Services
Documentation
GitHub

Runs great on single hosts and in containerized deployments.

Abstract visualization of rsyslog configuration pipelines

Trusted by organizations worldwide

1M+

Messages per second

100+

Input/output modules

20+

Years in production

What’s new:

Get started in 60 seconds

Two quick ways to try rsyslog.

# Debian/Ubuntu
sudo apt-get update
sudo apt-get install -y rsyslog
sudo systemctl enable --now rsyslog
# Config lives in /etc/rsyslog.conf and /etc/rsyslog.d/
# Docker (example)
docker run --name rsyslog/rsyslog -d \
  -v $(pwd)/rsyslog.conf:/etc/rsyslog.conf:ro \
  -p 514:514/tcp -p 514:514/udp \
  rsyslog/rsyslog

See First steps guide and Basic configuration reference for more detail.

What is rsyslog?

rsyslog is an open-source log processing engine for Linux. It ingests messages from many inputs, parses and enriches them, buffers safely with disk-assisted queues, and forwards them to destinations such as files, Kafka, HTTP, or search backends. Configuration uses RainerScript, a powerful rules and templates language optimized for high throughput and predictable behavior.

Learn more about the project.

Why operators rely on rsyslog

💾 Reliable delivery
Disk-assisted queues and backpressure controls keep pipelines flowing.

📎 Flexible parsing
Support for regex, structured formats, JSON, and liblognorm pipelines.

📦 Powerful routing
Conditional rules and reusable templates with RainerScript.

📭 Broad outputs
Files, TCP/UDP/TLS syslog, Kafka, HTTP, and database destinations.

📰 Performance at scale
Multi-threaded design with tuning controls for predictable latency.

🌍 Runs anywhere
Bare metal, virtual machines, and containerized environments.

Works with your observability stack

TargetDescription / Docs link
Elastic / OpenSearchoutput-elasticsearch module guide
Grafana LokiHTTP/JSON shipping example
Kafkaomkafka documentation
Splunk HEComhttp configuration example
Files & rotationomfile output reference
DatabasesOutput modules overview

Integrates via open protocols (syslog, TCP/TLS, HTTP, Kafka). No cloud-vendor lock-in.

💼 Professional services for production workloads

Need expert help to ship faster and reduce risk? Our team provides architecture reviews, performance tuning, migrations, troubleshooting, and long-term support—tailored to your stack.

  • ✅ Architecture & performance reviews
  • ✅ Production readiness, HA & DR patterns
  • ✅ Migrations (e.g., from Kiwi, Logstash)
  • ✅ Custom modules and integrations
  • ✅ Incident response and troubleshooting
  • ✅ SLAs and long-term support options
Talk to an expert
Custom development

💻 Two tiny examples

Example A (RainerScript)

module(load="imuxsock")
module(load="imklog")
template(name="jsonl" type="list") {
  constant(value="{\"ts\":\"")     property(name="timereported" dateFormat="rfc3339")
  constant(value="\",\"host\":\"") property(name="hostname")
  constant(value="\",\"msg\":\"")  property(name="msg" format="json")
  constant(value="\"}\n")
}
*.* action(type="omfile" file="/var/log/events.jsonl" template="jsonl")

Example B (RainerScript)

module(load="imuxsock")
module(load="omkafka")
if ($programname == "sshd") then {
  action(type="omkafka"
         broker=["kafka:9092"]
         topic="security-auth"
         template="RSYSLOG_TraditionalFileFormat")
}

🤖 Self-support with the rsyslog Assistant

The rsyslog Assistant is an AI-powered self-support tool based on curated, verified project knowledge, supervised by maintainers. Use it to explore configuration options, examples, and troubleshooting tips.

Open rsyslog Assistant

📢 Latest from the project

View all news

Documentation | Modules | Community | Security | Support / Contact

Scroll to top