rsyslog

High-performance log ingestion and ETL engine

rsyslog

High-performance log ingestion and ETL engine

Search Results for: queue

rsyslog: High-Performance Syslog Server and Log Aggregation Tool

The rocket-fast system for log processing pipelines

rsyslog helps you collect, transform, and route event data reliably at scale. Built for speed, flexibility, and control in modern Linux and container environments.

Abstract visualization of rsyslog configuration pipelines
Professional Services
Documentation
GitHub

Runs great on single hosts and in containerized deployments.

Trusted by organizations worldwide

1M+

Messages per second

100+

Input/output modules

20+

Years in production

What’s new

πŸ“¦ Current versions

Download the latest stable release, daily builds, or explore containerized deployments. All versions include documentation and release notes.

Latest stable release: 8.2604.0 [doc] [download]

Next release: 8.2606.0, June 2026

πŸ“¦ daily stable build (Ubuntu)

πŸ“¦ daily stable build (CentOS)

🐳 rsyslog docker container

πŸ“š packages and older versions

πŸͺŸ Windows Agent: 8.3 [download]

Get started in 60 seconds

Two quick ways to try rsyslog.

# Debian/Ubuntu
sudo apt-get update
sudo apt-get install -y rsyslog
sudo systemctl enable --now rsyslog
# Config lives in /etc/rsyslog.conf and /etc/rsyslog.d/
# Docker (example)
docker run --name rsyslog/rsyslog -d \
  -v $(pwd)/rsyslog.conf:/etc/rsyslog.conf:ro \
  -p 514:514/tcp -p 514:514/udp \
  rsyslog/rsyslog

See First steps guide and Basic configuration reference for more detail.

What is rsyslog?

rsyslog is an open-source, high-performance engine for collecting, transforming and routing event data. It ingests from diverse sources (files, journals, syslog, Kafka), applies parsing, enrichment and filtering rules via RainerScript and modules like mmnormalize, buffers safely with disk-assisted queues, and forwards to Elasticsearch, Kafka, HTTP endpoints or files. With over 20 years of proven reliability, rsyslog bridges classic syslog-style logging and modern data pipelines β€” now guided by an AI-First (human-controlled) vision for smarter observability.

Learn more about the project.

Why operators rely on rsyslog

πŸ’Ύ Reliable delivery
Disk-assisted queues and backpressure controls keep pipelines flowing.

πŸ“Ž Flexible parsing
Support for regex, structured formats, JSON, and liblognorm pipelines.

πŸ“¦ Powerful routing
Conditional rules and reusable templates with RainerScript.

πŸ“­ Broad outputs
Files, TCP/UDP/TLS syslog, Kafka, HTTP, and database destinations.

πŸ“° Performance at scale
Multi-threaded design with tuning controls for predictable latency.

🌍 Runs anywhere
Bare metal, virtual machines, and containerized environments.

Works with your observability stack

TargetDescription / Docs link
Elastic / OpenSearchoutput-elasticsearch module guide
Grafana LokiHTTP/JSON shipping example
Kafkaomkafka documentation
Splunk HEComhttp configuration example
Files & rotationomfile output reference
DatabasesOutput modules overview

Integrates via open protocols (syslog, TCP/TLS, HTTP, Kafka). No cloud-vendor lock-in.

πŸ’Ό Professional services for production workloads

Need expert help to ship faster and reduce risk? Our team provides architecture reviews, performance tuning, migrations, troubleshooting, and long-term supportβ€”tailored to your stack.

  • βœ… Architecture & performance reviews
  • βœ… Production readiness, HA & DR patterns
  • βœ… Migrations (e.g., from Kiwi, Logstash)
  • βœ… Custom modules and integrations
  • βœ… Incident response and troubleshooting
  • βœ… SLAs and long-term support options
Talk to an expert
Custom development

πŸ’» Two tiny examples

Example A (RainerScript)

module(load="imuxsock")
module(load="imklog")
template(name="jsonl" type="list") {
  constant(value="{\"ts\":\"")     property(name="timereported" dateFormat="rfc3339")
  constant(value="\",\"host\":\"") property(name="hostname")
  constant(value="\",\"msg\":\"")  property(name="msg" format="json")
  constant(value="\"}\n")
}
*.* action(type="omfile" file="/var/log/events.jsonl" template="jsonl")

Example B (RainerScript)

module(load="imuxsock")
module(load="omkafka")
if ($programname == "sshd") then {
  action(type="omkafka"
         broker=["kafka:9092"]
         topic="security-auth"
         template="RSYSLOG_TraditionalFileFormat")
}

πŸ€– Self-support with the rsyslog Assistant

The rsyslog Assistant is an AI-powered self-support tool based on curated, verified project knowledge, supervised by maintainers. Use it to explore configuration options, examples, and troubleshooting tips.

Open rsyslog Assistant

πŸ“’ Latest from the project

View all news

Documentation | Modules | Community | Security | Support / Contact

rsyslog 8.2510.0 (2025.10) released

Rainer Gerhardsannouncement, Release Announcement, Uncategorized

We have today released the 8.25100 rsyslog scheduled stable release. This release delivers three main themes: better Windows Security event ingestion, more flexible JSON handling end to end, and pragmatic compatibility fixes across popular outputs and platforms. It also includes steady documentation improvements and CI hardening.

Continue reading “rsyslog 8.2510.0 (2025.10) released”

rsyslog 8.2508.0 (2025.08) – release announcement

Rainer Gerhardsannouncement, Release Announcement

Download: https://www.rsyslog.com/files/download/rsyslog/rsyslog-8.2508.0.tar.gz
Project-provided packages are building now and are expected later today. Ubuntu PPAs are already done.

We are excited to ship a large and meaningful rsyslog release. This cycle advances our responsible “AI First” strategy and moves decisively toward cloud native operations. It also delivers major quality, security, and documentation improvements.

Continue reading “rsyslog 8.2508.0 (2025.08) – release announcement”

RSyslog Windows Agent 7.2 Released

friedlRelease Announcement, , , ,

Release Date: 2022-01-18

Build-IDs: Service 7.2.0.217, Client 7.2.0.310

Features

  • Syslog Service: Added configurable option to detect Year in RFC3164 Syslog Header. If enabled, the service will try to detect a Year after the usual RFC3164 Date Header.
  • Syslog Service: Added configurable message size limit for syslog tcp messages. The default is 1MB which is far more as defined in syslog rfcs.

Bugfixes

  • EventLog Monitor v2: Fix handling of empty Debug/analytic channels.
  • TLS: Fix a problem with X509 Certificate Checking (Server Side).
  • File Config: Fixed a problem loading big numbers (Signed/Unsigned).
  • Queue Engine: Add limit to queue full warnings/errors eventsΒ  to avoid spamming the eventlog.
  • Engine: Increased stability.

You can download Free Trial Version of RSyslog Windows Agent.

RSyslog Windows Agent 7.0 Released

friedlRelease Announcement, , , , , , No Comments on RSyslog Windows Agent 7.0 Released

Release Date: 2021-03-09

Build-IDs: Service 7.0.0.213, Client 7.0.0.297

Features

  • Filter Engine: Add support to filter by IPv6 addresses.
  • Eventlog Monitor V2: Added support to for LogPoint SIEM JSON Format.
  • Eventlog Monitor V2: Added support for the following EventLog properties (if available):
    Providerguid, processed, threaded, version, opcode, eventtype, nxseverityvalue (required for Severity Mapping in LogPoint SIEM JSON Format)
  • Action Caching: Added support for caching / queuing in RELP Action when Action processing fails.
  • Filter Engine: Added support to store filter results when using the global Status Variable type filters.
  • Queue Engine: Added Warning/Error events which are generated when the queue gets full.
  • Librelp: Updated librelp to v1.8.0.
  • Openssl: Updated to version 1.1.1g.

Bugfixes

  • Filter Engine: Fixed SaveIntoProperty handling when using the Status Type Filter.
  • Queue Engine: Fixed an issue that caused an internal exception
    STATUS_STACK_BUFFER_OVERRUN when two TCP Syslog Sessions where closed at the same time.

You can download Free Trial Version of RSyslog Windows Agent.

RSyslog Windows Agent 7.0 Released

friedlNews, news-rwa, ,

We are proud to announce the 7.0 release of Rsyslog Windows Agent.

On the output side we have added dedicated action queues to all potentially blocking actions. This provides higher performance as well as buffering capabilities in case the action is unreachable or blocks for some other reason. We also added native support for LogPoint SIEM JSON format. This makes it even easier to integrate into such environments.

Very importantly, we now fully support the latest Windows Server and Windows 10 builds 20H2.

Filtering capabilities have been enhanced, for example in regard to IPv6 and status information. Also new properties have been added and support libraries upgraded for even more feature-richness and to use the latest security features. For example, TLS 1.3 is now supported.

Detailed information can be found in the version history.
Version 7.0 is a free download. Customers with existing 6.x keys can contact our Sales department for upgrade prices. If you have a valid Upgrade Insurance ID, you can request a free new key by sending your Upgrade Insurance ID to sales@adiscon.com. Please note that the download enables the free 30-day trial version if used without a key – so you can right now go ahead and evaluate it.

RSyslog Windows Agent 6.2b Released

friedlNews, news-rwa, ,

We are proud to announce the 6.2b release of Rsyslog Windows Agent.

This is a bugfixing release with fixes for the “Start Program Action” and a buffer overrun in the queue engine.

Detailed information can be found in the version history.
Version 6.2b is a free download. Customers with existing 5.x keys can contact our Sales department for upgrade prices. If you have a valid Upgrade Insurance ID, you can request a free new key by sending your Upgrade Insurance ID to sales@adiscon.com. Please note that the download enables the free 30-day trial version if used without a key – so you can right now go ahead and evaluate it.

RSyslog Windows Agent 6.2b Released

friedlNews, , No Comments on RSyslog Windows Agent 6.2b Released

Release Date: 2020-09-04

Build-IDs: Service 6.2.0.209, Client 6.2.0.284

Bugfixes

  • Start Program Action: Fixed loading the Sync Timeout setting in file configuration mode.
  • Queue Engine: Fix for STATUS_STACK_BUFFER_OVERRUN exception.
    STATUS_STACK_BUFFER_OVERRUN doesn’t mean that there was a stack buffer overrun. It appears that due recent security updates in windows network code, a new exception type was introduced. This exception could be happening in very rare conditions when two Syslog Action would close their TCP Sessions at the very same millisecond.

You can download Free Trial Version of RSyslog Windows Agent.

RSyslog Windows Agent 6.1 Released

friedlRelease Announcement, , , , No Comments on RSyslog Windows Agent 6.1 Released

Release Date: 2020-01-31

Build-IDs: Service 6.1.0.205, Client 6.1.0.280

Features

  • Property engine: Added new static property %localhostname% which contains the local computer name.
  • Syslog Action: Fixed Syslog Version in RFC5424 Header to 1.

Bugfixes

  • EventLog Monitor V2: Fixed an issue losing the first record LastRecord was resetted.
  • EventLog Monitor V2: Fixed minor issues in new caching code.
  • Queue Engine: Fixed an issue in the Action retry logic which caused the same information to be reprocessed again.
  • Property Engine: Fixed an issue initializing the socket subsystem if no network action/service was used related to the toipv4address/toipv6address options.
  • Engine: Fixed multiple memory leaks when a name was resolvedto an IP address.

You can download Free Trial Version of RSyslog Windows Agent.

Scroll to top