Sloggo is a lightweight log collection and exploration tool. It ingests logs over TCP and UDP using the RFC 5424 Syslog protocol, stores them in DuckDB, and presents them in a clean, modern web UI.
Designed for small to medium-sized setups where you want real-time logs without spinning up the JVM or a full Kubernetes cluster to ingest 10 daily lines of logs.
It runs in a single process with minimal resource usage, quick configuration via environment variables, and is less than 10 MiB in compressed size.
Warning
Sloggo is currently in alpha release, do not use it for anything serious, it also doesn’t offer any security layer by default, only use it in a private network, or behind a secure reverse proxy.
Sloggo is made by Phare, a small bootstrapped company building shockingly good uptime monitoring, alerts, incidents, analytics, and status pages, with free Open source grants.
- Start the container with docker or podman:
docker run -p 5514:5514/udp -p 6514:6514 -p 8080:8080 \
-e SLOGGO_LISTENERS=tcp,udp \
-e SLOGGO_UDP_PORT=5514 \
-e SLOGGO_TCP_PORT=6514 \
-e SLOGGO_API_PORT=8080 \
ghcr.io/phare/sloggo:latest- Send some logs
echo "<34>1 2025-08-04T12:00:00Z myhost sloggo - - - Hello, Sloggo" | nc localhost 6514- Access the application:
- Frontend: http://localhost:8080/
- Health check endpoint: http://localhost:8080/api/health
To run the backend tests:
make testThe following environment variables can be used to configure the application:
SLOGGO_LISTENERS: Comma-separated list of listeners to enable (default:tcp,udp).SLOGGO_UDP_PORT: Port for the UDP Syslog listener (default:5514).SLOGGO_TCP_PORT: Port for the TCP Syslog listener (default:6514).SLOGGO_API_PORT: Port for the API (default:8080).SLOGGO_LOG_RETENTION_MINUTES: Duration in minutes to keep logs before deletion (default:43200- 30 days).
- RFC 5424 log ingestion over TCP and UDP
- Fast search, filtering, and tailing
- Up to 1 million logs per second ingestion rate
- Lightweight and resource-efficient single process with zero config
- Clean UI built with data-table-filters
- A replacement for full-fledged log management systems like ELK, Loki, or Datadog
- A high availability or redundancy solution
- A logging solution for critical or sensitive data
- A tool for long-term log storage or analysis
- A production-ready solution (yet)
Slug + log + Go.
🐌🤷 Some slugs and snails shoot love darts made of calcium into each other before mating.
- OpenStatus for the incredible data-table-filters React components.
- Leo Di Donato for his colossal work on go-syslog.
Contributions are welcome! Please fork the repository and submit a pull request with your changes.
This project is licensed under the MIT License. See the LICENSE file for details.