Sloggo is a lightweight log collection and exploration tool designed for small to medium-sized setups where users need real-time logs without the overhead of complex systems like the JVM or a full Kubernetes cluster. As a minimal RFC 5424 syslog collector and viewer based on DuckDB, it runs as a single, resource-friendly process, ingesting logs over TCP and UDP protocols and presenting them in a clean, modern web UI. This tool is ideal for environments with modest logging volumes, such as 10 daily lines of logs, where simplicity and efficiency are paramount. Its compressed size is less than 10 MiB, emphasizing its minimal footprint and ease of deployment via quick configuration through environment variables, making it accessible for developers and system administrators seeking straightforward log management.
Many small to medium-sized setups struggle with the complexity and resource demands of traditional log management systems like ELK, Loki, or Datadog, which often require spinning up extensive infrastructure just to handle minimal logging needs. This over-engineering creates unnecessary overhead, both in terms of configuration time and computational resources, diverting attention from core development or operational tasks. Sloggo addresses this pain point by offering a streamlined alternative that eliminates the need for a full Kubernetes cluster or JVM-based solutions, allowing users to focus on their primary work rather than log system maintenance. By targeting scenarios where lightweight, real-time log ingestion is sufficient, it reduces friction and operational costs, ensuring that logging does not become a bottleneck or a source of complexity in simpler environments.
One of Sloggo's major feature groups is its support for RFC 5424 log ingestion over TCP and UDP, with configurable ports via environment variables like SLOGGO_UDP_PORT and SLOGGO_TCP_PORT. It also supports RFC 3164 parsing through the SLOGGO_LOG_FORMAT variable, which can be set to 'auto' to try RFC 5424 first and fall back to RFC 3164, ensuring compatibility with various syslog standards. This flexibility allows users to integrate Sloggo with diverse systems that emit logs in different formats, providing a unified collection point without requiring extensive customization. The ingestion process is efficient, capable of handling up to 1 million logs per second, which, while not intended for massive-scale production, offers robust performance for its target use cases, ensuring reliable log capture in real-time.
Another key feature is the clean web UI built with data-table-filters React components from OpenStatus, enabling fast search, filtering, and tailing of logs. This interface presents collected logs in an organized manner, allowing users to quickly explore and analyze log data without needing command-line expertise or external tools. The UI supports real-time updates, so as new logs are ingested, they appear dynamically, facilitating immediate monitoring and troubleshooting. This visual approach enhances usability, making log management more accessible to team members who may not be deeply technical, while still providing the depth needed for developers to drill down into specific entries, timestamps, or message contents.
admin
Sloggo includes additional capabilities such as configurable log retention via the SLOGGO_LOG_RETENTION_MINUTES environment variable, defaulting to 43200 minutes (30 days), which helps manage storage by automatically deleting older logs. It runs as a single process with minimal resource usage, emphasizing zero-config operation out of the box, though it can be customized through environment variables for listeners, ports, and formats. The tool is packaged as a Docker container, simplifying deployment with commands like docker run, and includes a health check endpoint at /api/health for monitoring its status. However, it lacks built-in security layers, so it must be used in private networks or behind secure reverse proxies, and it is currently in alpha release, not recommended for critical or sensitive data.
Overall, Sloggo works by ingesting syslog messages over enabled TCP and UDP listeners, parsing them according to the specified format (RFC 5424, RFC 3164, or auto), and storing them in a DuckDB database for efficient querying. The workflow begins with starting the container, configuring environment variables like SLOGGO_LISTENERS to enable desired protocols, and sending logs to the designated ports. Once logs are collected, they become accessible through the web UI on the SLOGGO_API_PORT, where users can search, filter, and tail them in real-time. This streamlined methodology avoids complex setups, leveraging DuckDB's performance for fast data retrieval and the single-process architecture to keep resource consumption low, ensuring a smooth end-to-end log management experience.
Concrete use cases include monitoring application logs in development environments, where developers need to quickly view debug outputs without deploying heavy logging infrastructure. For example, sending a test log via 'echo "<34>1 2025-08-04T12:00:00Z myhost sloggo - - - Hello, Sloggo" | nc localhost 6514' allows immediate verification in the UI. In small-scale production setups, such as a microservice emitting occasional errors, Sloggo can collect and display those logs in real-time, enabling rapid troubleshooting. The outcome is reduced time-to-resolution for issues, as teams can access logs through a simple web interface instead of navigating server files or complex dashboards, improving operational efficiency and minimizing downtime in non-critical scenarios.
Sloggo targets developers and system administrators in small to medium-sized setups, particularly those avoiding JVM or Kubernetes overhead for minimal logging needs. It runs on platforms supporting Docker or Podman, with a tech stack including Go for the backend, TypeScript for the frontend, and DuckDB for storage. As an alpha release from Phare, a bootstrapped company, it is not yet production-ready and lacks pricing plans, being open-source under the MIT License. The summary takeaway reinforces its primary value as a lightweight, resource-efficient syslog collector that simplifies log management for modest environments, balancing performance with simplicity to keep logging straightforward and accessible.
Sloggo targets developers and system administrators in small to medium-sized setups who need real-time log collection without the complexity of JVM-based systems or full Kubernetes clusters. It is designed for environments with modest logging volumes, such as those handling around 10 daily lines of logs, where simplicity and resource efficiency are priorities. Users include teams avoiding over-engineering for logging needs, particularly in development, testing, or light production scenarios where lightweight tools are preferred over heavy solutions like ELK, Loki, or Datadog.