The syslog-ng team started publishing container images many years ago. For quite a while it was a manual process; a few releases ago, however, publishing a container image became part of the release process. Recently, nightly container images have also become available, so you can test the latest features and bug fixes easily.
The syslog-ng images are still available under the Balabit namespace on the Docker hub. Balabit was bought by One Identity almost five years ago, and we stopped using the old company name years ago. However, there are many scripts, blogs and even books that feature this location, so changing the location would cause problems for many people. Not to mention that moving to a new location would reset the download counter :-) Close to 50 million pulls over the years!
From this blog you can learn about the various container images the syslog-ng team provides. You can find basic information about how to use the syslog-ng container image at https://hub.docker.com/r/balabit/syslog-ng, where you can learn how to use your own syslog-ng configuration or open ports for syslog-ng.
Docker & Podman
You might have noticed that I used the term “container image” instead of “Docker image” in the title and later. Docker made containers easy to use and well known on Linux. We host the syslog-ng container image on the Docker hub. However, there are also other tools using the very same container images. For example, I use Podman on my laptop, even though you see Docker in the command line examples I provide. Podman is a drop-in replacement for Docker:
leap154:/usr/bin # ls -l docker
lrwxrwxrwx 1 root root 6 Sep 5 15:43 docker -> podman
Latest
If you take a look at the image tags at https://hub.docker.com/r/balabit/syslog-ng/tags, you will see “latest” at the top of the list. This always points to the latest release. By the time this blog is published, it will point to version 3.38.1. It is built automatically when there is a new syslog-ng release. As syslog-ng follows a rolling release schedule, you should use balabit/syslog-ng:latest in most cases, as it has the latest features and bug fixes. You might want to use a versioned image in some special cases, when the latest version breaks something in your setup. Thanks to automatic testing, this is a very rare situation.
The command line below pulls the latest stable syslog-ng version image and shows the syslog-ng version:
leap154b:~ # docker run -it --name syslog-ng balabit/syslog-ng:latest -V
WARN[0000] Path "/etc/SUSEConnect" from "/etc/containers/mounts.conf" doesn't exist, skipping
WARN[0000] Path "/etc/zypp/credentials.d/SCCcredentials" from "/etc/containers/mounts.conf" doesn't exist, skipping
syslog-ng 3 (3.38.1)
Config version: 3.35
Installer-Version: 3.38.1
Revision: 3.38.1-1
Compile-Date: Aug 15 2022 18:58:07
Module-Directory: /usr/lib/syslog-ng/3.38
Module-Path: /usr/lib/syslog-ng/3.38
Include-Path: /usr/share/syslog-ng/include
Available-Modules: add-contextual-data,afamqp,affile,afmongodb,afprog,afsmtp,afsnmp,afsocket,afsql,afstomp,afuser,appmodel,azure-auth-header,basicfuncs,cef,confgen,cryptofuncs,csvparser,dbparser,disk-buffer,examples,geoip2-plugin,graphite,hook-commands,http,json-plugin,kafka,kvformat,linux-kmsg-format,map-value-pairs,mod-python,mqtt,pacctformat,pseudofile,rate-limit-filter,redis,regexp-parser,riemann,sdjournal,secure-logging,stardate,syslogformat,system-source,tags-parser,tfgetent,timestamp,xml
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: on
Enable-Systemd: on
Nightly
Nightly builds of syslog-ng for Debian and Ubuntu became available this year. Using these packages, you can test the latest features and bug fixes. However, these packages are of no help if you use other distributions, or you use syslog-ng in containers. Right before the 3.38.1 release, nightly builds of the syslog-ng container image became available. While the “latest” image is built from the latest syslog-ng release, the “nightly” image is built each night from a current snapshot of the syslog-ng git master branch.
The “nightly” container image is especially important now, with the upcoming syslog-ng 4.0 release. You can already try most of the 4.0 features in 3.38.1; however, git snapshots add more features to test.
The command line below pulls the latest nightly container image of syslog-ng and shows the syslog-ng version:
leap154b:~ # docker run -it --name syslog-ng-nighly balabit/syslog-ng:nightly -V
WARN[0000] Path "/etc/SUSEConnect" from "/etc/containers/mounts.conf" doesn't exist, skipping
WARN[0000] Path "/etc/zypp/credentials.d/SCCcredentials" from "/etc/containers/mounts.conf" doesn't exist, skipping
syslog-ng 3 (3.38.1.25.g81dee77)
Config version: 3.35
Installer-Version: 3.38.1.25.g81dee77
Revision: 3.38.1.25.g81dee77-snapshot+20220901T232307
Compile-Date: Sep 1 2022 23:23:07
Module-Directory: /usr/lib/syslog-ng/3.38
Module-Path: /usr/lib/syslog-ng/3.38
Include-Path: /usr/share/syslog-ng/include
Available-Modules: add-contextual-data,afamqp,affile,afmongodb,afprog,afsmtp,afsnmp,afsocket,afsql,afstomp,afuser,appmodel,azure-auth-header,basicfuncs,cef,confgen,cryptofuncs,csvparser,dbparser,disk-buffer,examples,geoip2-plugin,graphite,hook-commands,http,json-plugin,kafka,kvformat,linux-kmsg-format,map-value-pairs,mod-python,mqtt,pacctformat,pseudofile,rate-limit-filter,redis,regexp-parser,riemann,sdjournal,secure-logging,stardate,syslogformat,system-source,tags-parser,tfgetent,timestamp,xml
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: on
Enable-Systemd: on
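An added example, not part of the original post or the syslog-ng project: a small shell gate that reads the `-V` output shown in the two runs above and tells a release build from a nightly snapshot, so a deployment script can refuse to roll out a snapshot by accident. The function names are hypothetical, and treating `-snapshot+` in the Revision field as the nightly marker is an assumption drawn from those two outputs.

```shell
#!/bin/sh
# Constructed sample input: header lines copied from the two runs above.
sample_release='syslog-ng 3 (3.38.1)
Config version: 3.35
Installer-Version: 3.38.1
Revision: 3.38.1-1
Compile-Date: Aug 15 2022 18:58:07'

sample_nightly='syslog-ng 3 (3.38.1.25.g81dee77)
Config version: 3.35
Installer-Version: 3.38.1.25.g81dee77
Revision: 3.38.1.25.g81dee77-snapshot+20220901T232307
Compile-Date: Sep 1 2022 23:23:07'

# Print the value of one "Key: value" field from -V output on stdin.
# The separator is colon+space, so the time in Compile-Date is not split.
version_field() {
    awk -v key="$1" -F': ' '$1 == key { print $2; exit }'
}

# Read -V output on stdin; print "release <version>" or "snapshot <version>".
# Returns 2 when the expected fields are missing (not syslog-ng -V output).
classify_build() (
    out=$(tr -d '\r')   # strip carriage returns added when a TTY (-t) is used
    ver=$(printf '%s\n' "$out" | version_field 'Installer-Version')
    rev=$(printf '%s\n' "$out" | version_field 'Revision')
    [ -n "$ver" ] && [ -n "$rev" ] || return 2
    case "$rev" in
        *-snapshot+*) echo "snapshot $ver" ;;   # assumed nightly marker
        *)            echo "release $ver" ;;
    esac
)

# Deployment gate: exit status 0 only for a release build,
# 1 for a snapshot, 2 for unparseable input.
require_release() (
    kind=$(classify_build) || return 2
    [ "${kind%% *}" = "release" ]
)

# Demonstration on the constructed samples.
printf '%s\n' "$sample_release" | classify_build
printf '%s\n' "$sample_nightly" | classify_build
```

To check a real image, pipe the output of the `docker run ... -V` commands shown above into `require_release` and act on its exit status.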
What is next?
From this blog you got an overview of the available syslog-ng container images. The syslog-ng page on the Docker hub shows you some basic usage information about the syslog-ng image. The syslog-ng blog contains additional information on how to use syslog-ng in a containerized environment under the “docker” tag: https://www.syslog-ng.com/community/tags/docker. There is also a white paper that combines most of this information into a single document: https://www.syslog-ng.com/whitepaper/logging-in-docker-using-syslogng8132325/.
If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/syslog-ng/syslog-ng. On Twitter, I am available as @PCzanik.