A lightweight, modular log processor with flow-based configuration.

• Flow-based log processing model
• Dynamic component loading
• Support for various input sources (Unix socket, file, flow chaining)
• Multiple parser types (RFC 3164, regex, passthrough)
• Flexible output options (file, TCP, memory for flow chaining)
• JSON-formatted logs
• Systemd service integration
• Clean, modern design without legacy syslog terminology

• Python 3.8 or higher
• pip3
• git

1. Clone the repository:

git clone https://github.com/pysyslog/pysyslog-lfc.git

cd pysyslog-lfc

2. Run the installation script:

sudo ./install.sh

1. Clone the repository:

git clone https://github.com/pysyslog/pysyslog-lfc.git

cd pysyslog-lfc

2. Run the installation script as administrator:

install.bat

1. Clone the repository:

git clone https://github.com/pysyslog/pysyslog-lfc.git
cd pysyslog-lfc

2. Create a virtual environment:

python3 -m venv venv
source venv/bin/activate  # Linux/macOS
venv\Scripts\activate     # Windows

3. Install dependencies:

pip install -r requirements.txt

4. Install in development mode:

pip install -e .

For detailed configuration documentation, see:

• Main Configuration
• Flow Configuration

The default main.ini file references components that are not yet implemented (see MISSING_COMPONENTS.md). For testing with currently available components, use the example configuration:

# After installation, replace the config with the working example
sudo cp /etc/pysyslog/main.ini /etc/pysyslog/main.ini.backup
sudo cp etc/pysyslog/main.ini.example /etc/pysyslog/main.ini
sudo systemctl restart pysyslog

Or use the example config directly when running manually:

pysyslog -c etc/pysyslog/main.ini.example

For quick testing without system installation:

# 1. Install in development mode (no sudo needed)
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
pip install -e .

# 2. Run the test script to verify everything works
python3 test_example_config.py

# 3. Test with example configuration (runs in foreground, press Ctrl+C to stop)
python3 -m pysyslog -c etc/pysyslog/main.ini.example --log-level DEBUG

Note: In development mode, you don't need /etc/pysyslog/ or systemd. Just use the config files from the repository directly (e.g., etc/pysyslog/main.ini.example).

Start PySyslog LFC:

# Linux/macOS (system installation)
sudo pysyslog

# Or specify a custom config file
sudo pysyslog -c /path/to/config.ini

# Windows
pysyslog

Before deploying to production, test with the example configuration:

# 1. Test configuration loading
python3 -c "import sys; sys.path.insert(0, 'src'); from pysyslog.config import ConfigLoader; loader = ConfigLoader(); config = loader.load('etc/pysyslog/main.ini.example'); print(f'Loaded {len(config.flows)} flows')"

# 2. Run the test script
python3 test_example_config.py

# 3. Test manually with example config
python3 -m pysyslog -c etc/pysyslog/main.ini.example --log-level DEBUG

sudo systemctl start pysyslog
sudo systemctl stop pysyslog
sudo systemctl restart pysyslog
sudo systemctl status pysyslog

sudo launchctl start com.pysyslog
sudo launchctl stop com.pysyslog
sudo launchctl unload /Library/LaunchDaemons/com.pysyslog.plist
sudo launchctl load /Library/LaunchDaemons/com.pysyslog.plist

net start pysyslog
net stop pysyslog

# View service logs
sudo journalctl -u pysyslog -f

# View service status
sudo systemctl status pysyslog

# View application logs (if configured to write to files)
sudo tail -f /var/log/pysyslog/*.log

When running manually, logs appear in stdout/stderr. For testing:

# Run with debug logging
python3 -m pysyslog -c etc/pysyslog/main.ini.example --log-level DEBUG

sudo log show --predicate 'process == "pysyslog"' --last 5m

Get-EventLog -LogName Application -Source pysyslog

1. Check the configuration file syntax:

   python3 -c "import sys; sys.path.insert(0, 'src'); from pysyslog.config import ConfigLoader; ConfigLoader().load('/etc/pysyslog/main.ini')"

2. Check service logs:

   sudo journalctl -u pysyslog -n 50

3. Test configuration manually:

   sudo -u pysyslog /usr/bin/pysyslog -c /etc/pysyslog/main.ini --log-level DEBUG

• Ensure all referenced components are implemented (see MISSING_COMPONENTS.md)
• Use main.ini.example for testing with available components
• Check that component types match registered components in components/registry.py

1. Prerequisites:

   sudo apt-get update
   sudo apt-get install -y python3 python3-pip python3-dev git

2. Clone and Install:

   git clone https://github.com/pysyslog/pysyslog-lfc.git
   cd pysyslog-lfc
   sudo ./install.sh

3. Configure for Testing:

   # Backup original config
   sudo cp /etc/pysyslog/main.ini /etc/pysyslog/main.ini.original
   
   # Use working example config
   sudo cp etc/pysyslog/main.ini.example /etc/pysyslog/main.ini
   
   # Restart service
   sudo systemctl restart pysyslog
   
   # Check status
   sudo systemctl status pysyslog

4. Verify Installation:

   # Check service is running
   sudo systemctl status pysyslog
   
   # View logs
   sudo journalctl -u pysyslog -f
   
   # Test the executable
   /usr/bin/pysyslog --help

For development and testing without system-wide installation:

# 1. Clone repository
git clone https://github.com/pysyslog/pysyslog-lfc.git
cd pysyslog-lfc

# 2. Create virtual environment
python3 -m venv venv
source venv/bin/activate

# 3. Install in development mode
pip install -e .

# 4. Run tests
python3 test_example_config.py

# 5. Run with example config
python3 -m pysyslog -c etc/pysyslog/main.ini.example --log-level DEBUG

pysyslog-lfc/
├── bin/                    # Executable scripts
├── docs/                   # Documentation
│   └── configuration/      # Configuration docs
├── etc/                    # Configuration files
│   ├── pysyslog/
│   │   ├── main.ini
│   │   └── conf.d/
│   ├── systemd/           # Linux service files
│   ├── launchd/           # macOS service files
│   └── windows/           # Windows service files
├── lib/                    # Python package
│   └── pysyslog/
│       ├── __init__.py
│       ├── main.py
│       ├── config.py
│       ├── flow.py
│       ├── components.py
│       ├── inputs/         # Input components
|       ├── filters/        # Filter components
│       ├── parsers/        # Parser components
│       └── outputs/        # Output components
├── install.sh             # Linux/macOS installation script
├── install.bat            # Windows installation script
├── requirements.txt       # Python dependencies
└── setup.py              # Python package setup

1. Create a new component file in the appropriate directory:

   • src/pysyslog/inputs/ for input components
   • src/pysyslog/filters/ for filter components
   • src/pysyslog/parsers/ for parser components
   • src/pysyslog/outputs/ for output components
   • src/pysyslog/formats/ for format components

2. Implement the required interface (inherit from base classes in components/base.py)

3. Register the component in src/pysyslog/components/registry.py:

   BUILTIN_INPUTS = {
       "your_component": "pysyslog.inputs.your_component:YourComponentClass",
   }

4. Update the __init__.py in the component's directory to export the class

5. Test your component:

   python3 test_example_config.py

See MISSING_COMPONENTS.md for a list of components that need to be implemented.

MIT License - see LICENSE file for details.