SysLog Logging
Added in version 1.9.0: SysLog UDP logging support added to RADKit Service
RADKit Service supports sending log messages to remote SysLog servers over UDP. This feature enables centralized log collection and monitoring by forwarding RADKit’s structured log messages to external logging systems like rsyslog, syslog-ng, Elasticsearch, or cloud-based log aggregation services.
Note
SysLog logging uses the UDP protocol (RFC 3164) and, by default, sends messages in text format with full nglog formatting, including timestamps, tags, and structured fields.
Configuration
SysLog logging can be enabled through Service configuration or command-line arguments when starting the RADKit Service.
Service Configuration File
Add the following to your Service configuration file (settings.toml):
[service.logging]
syslog_enabled = true
syslog_host = "192.168.1.100" # IP address or hostname of SysLog server
syslog_port = 514 # Standard SysLog port (514)
syslog_json = false # Send messages in JSON format (default: false)
Command-Line Arguments
You can also enable SysLog logging using command-line arguments:
radkit-service run --setting service.logging.syslog_enabled true \
--setting service.logging.syslog_host 192.168.1.100 \
--setting service.logging.syslog_port 514 \
--setting service.logging.syslog_json true
Message Format
SysLog messages can be sent in two formats: text format (default) or JSON format.
Text Format
When syslog_json = false (default), messages are sent with full nglog text formatting:
<14>2025-07-17T08:44:26.057Z INFO | internal | MainThread radkit_common.utils.hypercorn [AUDIT] Starting HTTP server [bind=[':::12081']]
<12>2025-07-17T08:44:26.058Z WARNING | internal | MainThread radkit_service.launcher [SYSTEM] Certificate will expire soon [days_remaining=30]
The text format includes:
Priority: Standard SysLog priority in angle brackets (e.g., <14>)
Timestamp: ISO 8601 UTC timestamp with microsecond precision
Level: Log level (INFO, WARNING, etc.)
Context: Internal context information (internal)
Thread: Thread name (MainThread)
Logger: Fully qualified logger name
Tags: Structured tags in brackets ([AUDIT], [SYSTEM])
Message: The actual log message
Fields: Additional structured fields in brackets ([bind=[':::12081']])
JSON Format
When syslog_json = true, messages are sent in structured JSON format:
<14>{"timestamp": "2025-07-17T08:44:26.057170Z", "level": "INFO", "thread": "MainThread", "object": "radkit_common.utils.hypercorn", "tags": "[AUDIT]", "message": "Starting HTTP server", "context": "internal", "fields": {"bind": [":::12081"]}}
The JSON format provides structured data that is easier to parse and analyze in log aggregation systems. Each message includes the same information as text format but structured as JSON fields for better machine readability.
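An added example, not taken from RADKit itself: a collector-side parser for the two payload formats shown above. It rejects malformed datagrams, since anything arriving over UDP is unauthenticated. The function name parse_radkit_syslog is hypothetical, and the text-format regular expression is an assumption inferred only from the two sample lines on this page.

```python
import json
import re

SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")
PRI_RE = re.compile(r"^<([0-9]{1,3})>(.*)$", re.DOTALL)
# Assumed text layout, inferred only from the two sample lines on this page.
TEXT_RE = re.compile(
    r"^(?P<timestamp>\S+)\s+(?P<level>[A-Z]+)\s+\|\s+(?P<context>[^|]+?)\s+\|\s+"
    r"(?P<thread>\S+)\s+(?P<object>\S+)\s+(?P<tags>(?:\[[A-Z_]+\][, ]*)*)(?P<message>.*)$",
    re.DOTALL,
)
TAG_RE = re.compile(r"\[([A-Z_]+)\]")


def parse_radkit_syslog(payload: bytes):
    """Return a normalized dict for one UDP datagram, or None if it is malformed."""
    text = payload.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = PRI_RE.match(text)
    if not m or int(m.group(1)) > 191:  # RFC 3164: PRI = facility * 8 + severity
        return None
    pri, body = int(m.group(1)), m.group(2)
    if body.lstrip().startswith("{"):  # syslog_json = true
        try:
            doc = json.loads(body)
        except (ValueError, RecursionError):  # invalid or abusively nested JSON
            return None
        if not isinstance(doc, dict):
            return None
        record, raw_tags = dict(doc, format="json"), str(doc.get("tags", ""))
    else:  # syslog_json = false (default)
        t = TEXT_RE.match(body)
        if not t:
            return None
        # Trailing [key=value] fields stay inside "message": nested brackets make
        # them ambiguous to split, which is why the JSON format is easier to consume.
        record, raw_tags = dict(t.groupdict(), format="text"), t.group("tags")
    record["tags"] = TAG_RE.findall(raw_tags)
    # PRI-derived values are set last so a crafted JSON body cannot override them.
    record["facility"], record["severity"] = pri >> 3, SEVERITIES[pri & 7]
    return record


# Sample datagrams copied from the text and JSON examples on this page.
TEXT_SAMPLE = b"<12>2025-07-17T08:44:26.058Z WARNING | internal | MainThread radkit_service.launcher [SYSTEM] Certificate will expire soon [days_remaining=30]"
JSON_SAMPLE = b'<14>{"timestamp": "2025-07-17T08:44:26.057170Z", "level": "INFO", "thread": "MainThread", "object": "radkit_common.utils.hypercorn", "tags": "[AUDIT]", "message": "Starting HTTP server", "context": "internal", "fields": {"bind": [":::12081"]}}'

if __name__ == "__main__":
    for sample in (TEXT_SAMPLE, JSON_SAMPLE):
        print(parse_radkit_syslog(sample))
```

A None result is worth counting on the collector: a rising rate of rejected datagrams on the SysLog port indicates either a format change or traffic that did not come from the Service.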
Error Handling
SysLog logging is designed to be non-blocking and fault-tolerant:
If the SysLog server is unreachable, messages are silently dropped
Network errors don’t affect the Service’s operation
Failed SysLog handler initialization shows a warning but doesn’t prevent Service startup
Console and file logging continue to work even if SysLog fails
Example warning when SysLog server is unavailable:
RuntimeWarning: Failed to initialize SysLog handler: [Errno 111] Connection refused
Troubleshooting
- SysLog messages not appearing
Verify the SysLog server is running and listening on the specified port
Check network connectivity between RADKit Service and SysLog server
Ensure firewall rules allow UDP traffic on the SysLog port
Verify the SysLog server accepts messages from the RADKit Service host
- High message volume
Adjust syslog_level to a higher level (e.g., INFO instead of TRACE)
Configure rate limiting in your SysLog server
Consider using structured field filtering in your SysLog configuration
- Network performance concerns
SysLog uses UDP, which has minimal performance impact
Messages are sent asynchronously without blocking Service operations
Consider local SysLog aggregation for high-throughput environments
- Testing SysLog connectivity
Use the logger command to test SysLog server connectivity (POSIX systems only):
logger -n 192.168.1.100 -P 514 "Test message from RADKit host"
Security Considerations
SysLog messages are sent in plain text over UDP
Log messages may contain sensitive information (device names, IP addresses, etc.)
Consider using VPN or secure network segments for SysLog traffic
Implement proper access controls on SysLog servers
For enhanced security, consider using secure log aggregation solutions with encryption
Note
For production environments handling sensitive data, consider implementing additional security measures such as log encryption, secure transport protocols, or dedicated logging network segments.