Public | Automated Build

Last pushed: 4 months ago
Short Description
Within this image syslog-ng is installed from deb package with all of its modules
Full Description


  • Syslog-ng is installed with all of its modules
  • Within the container syslog-ng will start in foreground. This is useful because if there is some error with syslog-ng we can easily check the output console log through the docker logs [containerID] command
  • You can use your own syslog-ng.conf or fall back to use the default one

The following ports are exposed:

  • Syslog UDP: 514,
  • Syslog TCP: 601,
  • Syslog TLS: 6514

Syslog-ng will listen on these ports and forwards the logs into the file
/var/log/syslog. You can check the default configuration in the source
repository of this image.

Please check the syslog-ng image tags at the official docker repository to know what image versions exist []

Using default configuration

Assume that the following ports are not used on host machine, because they can conflict: 514, 601:

sudo docker run -it -p 514:514 -p 601:601 --name syslog-ng balabit/syslog-ng:latest

By default syslog-ng will not print any debug messages to the console. If you want to see more debug messages you need to start the containers in this way:

sudo docker run -it -p 514:514 -p 601:601 --name syslog-ng balabit/syslog-ng:latest -edv

Using custom syslog-ng configuration

You can override the default configuration by mounting a configuration file under /etc/syslog-ng/syslog-ng.conf:

sudo docker run -it -v "$PWD/syslog-ng.conf":/etc/syslog-ng/syslog-ng.conf balabit/syslog-ng:latest

Reading logs from other containers

An example is used to describe how syslog-ng can read logs from other containers.

Assume that you have already running an apache2 container which exposes its logs as a mounted volume under "/var/log/apache2/". We will read the apache logs and send them to a remote host ( The example syslog-ng configuration file is stored in the current directory as syslog-ng.conf.

@version: 3.7

source s_apache {

destination d_remote {
  tcp("" port(514));

log {

Now we can start syslog-ng:

sudo docker run -it --volumes-from [containerID for apache2] -v "$PWD/syslog-ng.conf":/etc/syslog-ng/syslog-ng.conf balabit/syslog-ng:latest

Entering into a container

Assume that your running container has a name "syslog-ng". In this case we can enter into this container by executing the following command:

sudo docker exec -it syslog-ng /bin/bash

More information

For detailed information on how to run your central log server in Docker and other Docker-related syslog-ng use cases, see the blog post Your central log server in Docker.

Docker Pull Command
Source Repository