o/~ I'm a lumberjack and I'm ok! I sleep when idle, then I ship logs all day! I parse your logs, I eat the JVM agent for lunch! o/~

Collect logs locally in preparation for processing elsewhere!

Problem: logstash jar releases are too fat for constrained systems.

Goal: Something small, fast, and light-weight to ship local logs externally.

• minimal resource usage
• configurable event data
• encryption and compression

Simple inputs only:

• follow files, respect rename/truncation conditions
• local sockets, maybe, if syslog(3) is worth supporting.
• stdin, useful for things like 'varnishlog | lumberjack ...'

Simple outputs only:

• custom wire event protocol (TBD)

# Ship apache logs in real time to somehost:12345
./lumberjack --target somehost:12345 /var/log/apache/access.log ...

# Ship apache logs with additional log fields:
./lumberjack --target foo:12345 --field host=$HOSTNAME --field role=apt-repo /mnt/apt/access.log

• Serialization: msgpack (likely)
• Encryption: SSL
• Authentication (both directions): SSL certificates
• Compression: TLS v1 comes with compression, might be sufficient.