Release 1.1.0 — see CHANGELOG.md.
rsyslog-webui is a web interface for browsing syslog events written by rsyslog into MySQL.
It includes live search, live tail, role-based access, optional Microsoft Entra ID sign-in, and MFA options (TOTP and passkeys).
This is the default deployment path when the UI is reachable on the internet (for example behind Cloudflare). docker/tls.env.example includes COMPOSE_PROFILES=tls, so Traefik starts without passing --profile tls.
-
Copy and edit secrets (domain, Let’s Encrypt email, Cloudflare DNS token, app passwords):
cp docker/tls.env.example .env.tls
-
Start:
docker compose --env-file .env.tls up -d --build
-
Open your hostname over HTTPS (for example
https://logs.example.com). On first login, create your admin username and strong password. -
Send a test syslog line to the collector:
logger -n 127.0.0.1 -P 5514 -d -t rsyslog-webui-test "hello from host"
Alternate compose files with the same .env.tls: docker-compose.tls.yml (standalone TLS stack) or docker-compose.tls-manual.yml (your own PEM files). Details: docs/deployment.md and docker/TLS.md.
-
Start:
docker compose up --build -d
-
Open
http://localhost:8080(override withWEB_PORT). -
On first login, create your admin username and strong password.
-
Test the collector as above.
Collector notes:
- Development and TLS/production stacks both accept network syslog on
5514(TCP/UDP). - The collector only forwards incoming network messages to MySQL; it does not seed demo logs.
- Producers can alternatively write directly to MySQL on the host port (default
3306, override withMYSQL_HOST_PORT) viaommysql.
PowerShell port override example (dev stack):
$env:WEB_PORT='8888'
docker compose up --build -d- Live syslog table with debounced keyword/filterset search.
- Live polling (tail-like updates) with manual refresh controls.
- Admin directory for local and Microsoft-backed users.
- Admin audit logs for sign-in attempts, access decisions, and email delivery events.
- Optional Entra ID OIDC + PKCE authentication flow.
- MFA with TOTP and WebAuthn passkeys.
- Password reset / email verification via Microsoft Graph mail.
- Installation
- Configuration
- Authentication and MFA
- Deployment and TLS
- Architecture
- Testing
- Security
- Troubleshooting
TLS deployment options (all use .env.tls from docker/tls.env.example):
- Recommended: main
docker-compose.yml—docker compose --env-file .env.tls up -d --build(COMPOSE_PROFILES=tlsis already in the example file) - Equivalent standalone file:
docker-compose.tls.yml— same Cloudflare DNS-01 ACME variables - Manual PEM files:
docker-compose.tls-manual.yml—docker/certs/tls.crtanddocker/certs/tls.key(no Cloudflare API key)
If your .env.tls does not set COMPOSE_PROFILES=tls, pass --profile tls when using the main compose file.
Details: docs/deployment.md and docker/TLS.md.
- Never commit real domains, personal emails, API tokens, client secrets, or production credentials.
- Keep
config.php,.env*, and any private secrets outside version control. - If credentials were ever committed, rotate them immediately and audit repository history (including forks and mirrors) for exposure.
Original upstream inspiration: hmsdao/bootstrap-rsyslog-ui


