Skip to main content
Version: Next

Syslog Server

This module allows crowdsec to expose a syslog server, and ingest logs directly from another syslog server (or any software that knows how to forward logs with syslog).

Only UDP is supported.

Syslog messages must conform either to RFC3164 or RFC5424, and can be up to 2048 bytes long by default (this value is configurable).

Configuration example#

A basic configuration is as follows:

source: sysloglisten_addr: 4242labels: type: syslog



Address on which the syslog will listen. Defaults to


UDP port used by the syslog server. Defaults to 514.


Maximum length of a syslog message (including priority and facility). Defaults to 2048.


Must be syslog.

DSN and command-line#

This module does not support command-line acquisition.