syslog-ng in Docker for logging network hosts

README.txt

Creates a syslog server that can be used to centrally collect logs from various network devices.

You'll need a Docker compose project directory structure that looks like this:
-rw-r--r-- 1 root  root   351 Jul 24 12:00 compose.yml
drwxr-xr-x 3 1000  1000  4096 Jul 24 12:00 config/
drwxr-xr-x 2 1000  1000  4096 Jul 24 12:00 logs/

The syslog-ng.conf goes in the config/ directory. Logs will be found in the logs/ directory.

Logs are rotated daily.

compose.yml

---
services:
  syslog-ng:
    image: lscr.io/linuxserver/syslog-ng:latest
    container_name: syslog-ng
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - ./config:/config
      - ./logs:/var/log
    ports:
      - 514:514/udp
      - 514:514/tcp
    restart: unless-stopped
~

syslog-ng.conf

@version:4.8
source s_udp_514 {
  network(transport("udp") port(514));
};

source s_tcp_514 {
  network(transport("tcp") port(514));
};

destination d_mesg {
  file("/var/log/$YEAR$MONTH$DAY.log");
};

log {
  source(s_udp_514);
  destination(d_mesg);
};

log {
  source(s_tcp_514);
  destination(d_mesg);
};