{"id":49272769,"url":"https://github.com/alaub81/syslogserver","last_synced_at":"2026-04-25T14:31:54.828Z","repository":{"id":294244315,"uuid":"986284368","full_name":"alaub81/syslogserver","owner":"alaub81","description":"Syslogserver Docker Compose Project","archived":false,"fork":false,"pushed_at":"2026-03-16T09:32:03.000Z","size":134,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-03-16T20:50:25.937Z","etag":null,"topics":["debugging","docker","docker-compose","loganalyzer","mariadb","shelly","supercronic","syslog-ng","syslog-server"],"latest_commit_sha":null,"homepage":"https://lhlab.wiki/wiki/Syslog-Server_Docker_Stack_mit_Webinterface_für_Log-Analyse","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alaub81.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/funding.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"buy_me_a_coffee":"alaub81"}},"created_at":"2025-05-19T11:33:25.000Z","updated_at":"2026-03-16T09:32:06.000Z","dependencies_parsed_at":null,"dependency_job_id":"d1aded27-aa9f-4cc9-afc0-887fa6b2f241","html_url":"https://github.com/alaub81/syslogserver","commit_stats":null,"previous_names":["alaub81/syslogserver"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/alaub81/syslogserver","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alaub81%2Fsyslogserver","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alaub81%2Fsyslogserver/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alaub81%2Fsyslogserver/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alaub81%2Fsyslogserver/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alaub81","download_url":"https://codeload.github.com/alaub81/syslogserver/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alaub81%2Fsyslogserver/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32265974,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-25T09:15:33.318Z","status":"ssl_error","status_checked_at":"2026-04-25T09:15:31.997Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["debugging","docker","docker-compose","loganalyzer","mariadb","shelly","supercronic","syslog-ng","syslog-server"],"created_at":"2026-04-25T14:31:54.244Z","updated_at":"2026-04-25T14:31:54.820Z","avatar_url":"https://github.com/alaub81.png","language":"PHP","readme":"# Syslog Server Docker Stack with Web UI (LogAnalyzer)\n\nA production‑ready, multi‑container stack to ingest syslog over UDP/TCP with **syslog‑ng**, persist logs in **MariaDB**, and explore them via the **LogAnalyzer** web UI. It also ships with an optional **dbcleanup** sidecar to prune old rows and a built‑in **logrotate** scheduler for file outputs.\n\n\u003e This README matches the provided repository snapshot. See `docker-compose.yml` (prebuilt images from GHCR) and `docker-compose.dev.yml` (build locally) for two usage modes.\n\n---\n\n## Features\n\n- **syslog‑ng + MySQL (MariaDB) output**\n - Listens on UDP/TCP 514, parses Shelly device messages, writes into `SystemEvents`.\n - Healthcheck and optional log rotation via supercronic + logrotate.\n- **MariaDB** with one‑time bootstrap from `data/init.sql` (schema + indexes + daily OPTIMIZE event).\n- **LogAnalyzer (PHP/Apache)** served from `loganalyzer` container with a bind‑mounted `config.php`.\n- **Cleanup sidecar** (`dbcleanup`) that deletes old rows on a cron schedule and optimizes the table.\n- **Environment‑driven configuration** via `.env`.\n- **Multi‑arch images** (amd64/arm64) \u0026 CI pipeline (lint, build, scan, e2e).\n\n---\n\n## Architecture\n\n```txt\n+-------------+ UDP/TCP 514 +------------+ SQL (MySQL) +-----------+\n| Clients | ─────────────────▶ | syslog-ng | ────────────────▶ | MariaDB |\n+-------------+ +------------+ +-----------+\n │ ▲\n │ │\n └────────── HTTP 80 ─────────────┘\n |\n +----------+\n |LogAnalyzer|\n +----------+\n\nOptional: dbcleanup -\u003e runs scheduled DELETE/OPTIMIZE against MariaDB\n```\n\nContainers \u0026 key files:\n\n- `syslogng` (image: `ghcr.io/alaub81/syslogng` or built via `Dockerfile-syslogng`)\n - Config: `data/syslog-ng/config/*.conf`\n - Entry: `resources/syslogng-entrypoint.sh` (renders logrotate, starts supercronic + syslog‑ng)\n- `database` (image: `mariadb:latest`)\n - Init SQL: `data/init.sql` (schema, indexes, daily OPTIMIZE event)\n - Volume: `dbdata` (persistent)\n- `loganalyzer` (image: `ghcr.io/alaub81/loganalyzer` or built via `Dockerfile-loganalyzer`)\n - Config: `data/loganalyzer/config/config.php` (bind‑mounted to `/var/www/html/config.php`)\n- `dbcleanup` (optional; image: `ghcr.io/alaub81/dbcleanup` or built via `Dockerfile-dbcleanup`)\n - Script: `resources/dbcleanup.sh`\n - Entrypoint: `resources/dbcleanup-entrypoint.sh`\n\n---\n\n## Requirements\n\n- Docker Engine 24+ and Docker Compose v2\n- Open ports 514/udp and 514/tcp on the host (or customize via `.env`)\n- Outbound access to GHCR/Docker Hub (unless you build locally)\n\n---\n\n## Quick start\n\n### 1) Clone \u0026 configure\n\n```bash\ncd /opt\ngit clone https://github.com/alaub81/syslogserver.git\ncd syslogserver\ncp .env.example .env\n# Edit .env as needed (ports, DB credentials, retention, cron)\n```\n\n### 2a) Run with prebuilt images (recommended)\n\nThis uses `docker-compose.yml` and pulls images from GHCR.\n\n```bash\ndocker compose up -d\n```\n\n### 2b) Develop locally (build from Dockerfiles)\n\nThis uses `docker-compose.dev.yml` to build images on your machine.\n\n```bash\ndocker compose -f docker-compose.dev.yml --env-file .env up -d --build\n```\n\n### 3) LogAnalyzer setup (first run, if config.php does not exist)\n\nOpen `http://localhost:${LOGANALYZER_PORT}` (default 8181) and follow the wizard:\n\n- DB Type: **MySQL** (MariaDB)\n- Host: `database` · DB: `${DB_NAME}` · User: `${DB_USER}` · Password: `${DB_PASSWORD}`\n- Source table: `SystemEvents`\n\n\u003e The file `data/loganalyzer/config/config.php` is bind‑mounted as `/var/www/html/config.php`; changes persist in your working tree.\n\n---\n\n## Configuration (.env)\n\nSee `.env.example` for documented defaults. Most common settings:\n\n```dotenv\n# Timezone inside containers\nTZ=Europe/Berlin\n\n# Syslog listener ports on the HOST\nSYSLOG_UDP_PORT=514\nSYSLOG_TCP_PORT=514\n\n# LogAnalyzer (HTTP) port on the HOST\nLOGANALYZER_PORT=8181\n\n# MariaDB credentials\nDB_NAME=syslogdb\nDB_USER=syslog\nDB_PASSWORD=changeMe!\nDB_ROOT_PASSWORD=changeRoot! # only used at initial bootstrap\n\n# Log cleanup (dbcleanup container)\nLOG_RETENTION_DAYS=30 # delete rows older than N days\nDBCLEANUP_CRON=0 3 * * * # daily at 03:00\n\n# syslog-ng file rotation (if file destinations used)\nLOGROTATE_CRON=0 * * * * # hourly\nLOGROTATE_SIZE=50M # rotate at ~50 MB\nLOGROTATE_MAX_AGE_DAYS=14 # delete rotated files older than N days\nLOGROTATE_ROTATIONS=7 # keep N rotated files\n\n# Only needed when you like to build localy with docker-compose.dev.yml\n# Loganalyzer Version (https://loganalyzer.adiscon.com/download/)\nLOGANALYZER_VERSION=4.1.13\n# Configure loganalyzers Download-URL (TGZ)\nLOGANALYZER_URL=https://download.adiscon.com/loganalyzer/loganalyzer-${LOGANALYZER_VERSION}.tar.gz\n```\n\n\u003e **Tip – ServerName warning**: If Apache logs `Could not reliably determine the server's FQDN`, set `ServerName` (e.g., via a tiny conf) or ignore – it’s harmless.\n\n---\n\n## Configuration syslogng\n\nIf you like to have a debug log for the shelly devices or a raw dump log, just copy the disabled config files under `./data/syslog-ng/config/`\n\n```bash\ncp ./data/syslog-ng/config/20-shellylog.conf.disabled ./data/syslog-ng/config/20-shellylog.conf\ncp ./data/syslog-ng/config/90-rawlog.conf.disabled ./data/syslog-ng/config/90-rawlog.conf\n```\n\nand if application is already running, just restart syslogng container:\n\n```bash\ndocker compose restart syslogng\n```\n\n---\n\n## Testing the setup\n\n### Send a test message (UDP)\n\nFrom another container on the same compose network:\n\n```bash\ndocker run --rm --network $(docker network ls --format '{{.Name}}' | grep syslogserver) debian:trixie-slim bash -lc 'logger -n syslogng -P 514 -d \"hello-from-ci-$(date +%s)\"'\n```\n\n### Or with netcat (UDP)\n\n```bash\necho \"hello-from-nc\" | nc -u -w1 127.0.0.1 \"${SYSLOG_UDP_PORT}\"\n```\n\n### Verify in DB\n\n```bash\ndocker compose exec -T database sh -lc 'mariadb -u\"$MARIADB_USER\" --password=\"$MARIADB_PASSWORD\" -D \"$MARIADB_DATABASE\" -e \"SELECT COUNT(*) FROM SystemEvents;\"'\n```\n\n### Verify in loganalyzer\n\njust open up loganalyzer ui with your browser and check if the message appears.\n\n---\n\n## Health checks\n\n- **syslog-ng**: checks `syslog-ng-ctl stats` or UDP 514 socket accessible.\n- **database**: waits until MariaDB is ready \u0026 answers SQL.\n- **loganalyzer**: HTTP probe on `/`.\n\nIf a service is stuck unhealthy, inspect logs:\n\n```bash\ndocker compose logs --no-color syslogng database loganalyzer\n```\n\n---\n\n## Security notes\n\n- Replace all default passwords in `.env` before exposing ports on public networks.\n- Restrict inbound 514/udp + 514/tcp to trusted networks.\n- Keep images updated (CI can rebuild weekly and on base‑image changes).\n\n---\n\n## Development (local build)\n\n```bash\ndocker compose -f docker-compose.dev.yml --env-file .env up -d --build\n# Logs\ndocker compose logs -f --tail=200 syslogng\n```\n\nTo run linters locally (optional):\n\n- Dockerfiles: `hadolint`\n- Shell scripts: `shellcheck`\n- YAML: `yamllint`\n\n---\n\n## Troubleshooting\n\n- **No rows in DB**: check `syslogng` logs for SQL errors (credentials, table names).\n- **DeviceReportedTime/ReceivedAt errors**: ensure timestamps are passed as `YYYY-MM-DD HH:MM:SS` to MariaDB.\n- **Messages also written to files**: remove or disable file destinations in `data/syslog-ng/config/*.conf`.\n- **LogAnalyzer shows missing columns**: confirm your table matches `data/init.sql` (e.g., `ProcessID`, `EventLogType`, etc.).\n- **Healthcheck fails for syslog‑ng**: ensure `syslog-ng-ctl` exists inside the image; optionally install `netcat` if you use the fallback.\n\n---\n\n## License \u0026 Security\n\n- License: MIT (see `LICENSE`)\n- Security Policy: see `SECURITY.md` (how to report vulnerabilities)\n\n---\n\n## Changelog\n\nSee Git commit history and release notes.\n","funding_links":["https://buymeacoffee.com/alaub81"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falaub81%2Fsyslogserver","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falaub81%2Fsyslogserver","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falaub81%2Fsyslogserver/lists"}