Skip to main content
Syslog to Loki with Grafana Alloy

Syslog to Loki with Grafana Alloy

A simple Docker image to forward Syslog messages to Grafana Loki using Grafana Alloy

I recently created a new project called syslog-to-loki. It is a simple Docker image designed to accept Syslog messages (TCP/UDP port 514) and forward them to a Grafana Loki instance. Under the hood, it utilizes Grafana Alloy to handle the processing.

Why I built it

I needed a straightforward way to ingest syslog data from various devices (like routers or legacy systems) into my Loki stack without setting up complex collectors on every source. A centralized syslog receiver that pushes to Loki seemed like the perfect solution.

Features

  • Protocols: Supports both TCP and UDP syslog.
  • Automatic Labeling: The image automatically extracts and labels standard syslog fields:
    • source_ip: Sender's IP address
    • hostname: Sender's hostname
    • facility & severity
    • app_name: The program name

How to use it

You can get it up and running quickly with Docker. You just need a running Loki instance to point it to.

docker run -d \
  --name syslog-to-loki \
  -p 514:514/udp \
  -p 514:514/tcp \
  -e LOKI_URL="http://loki:3100/loki/api/v1/push" \
  dewgenenny/syslog-to-loki

There is currently one main environment variable to configure:

Variable Description
LOKI_URL Full URL to the Loki push API (e.g., http://localhost:3100/loki/api/v1/push)

Testing it out

Once running, you can test it using the standard logger command or netcat:

logger -n localhost -P 514 --udp -t myapp "Hello Loki"

Check out the repository on GitHub for more details: dewgenenny/syslog-to-loki.

Posted by Tom on Sat Dec 13 2025 00:00:00 GMT+0000 (Coordinated Universal Time)