AethonLog Documentation
Self-hosted log management for teams that want full ownership of their observability data — no per-GB billing, no vendor lock-in, no compliance footguns.
What AethonLog is
AethonLog is an end-to-end log management platform: agents on every host ship logs to a central ingest gateway, workers parse and enrich them, OpenSearch indexes them for fast search, and a Go API + React UI let you explore, correlate, and alert. It runs on your hardware — bare metal, VMs, or Kubernetes — and stores nothing outside your environment.
If you've used Splunk, Datadog Logs, or Elastic, the surface area will feel familiar. The difference is that AethonLog is self-hosted, designed for compliance-heavy industries, and licensed so a 10-TB-per-day deployment doesn't cost you a six-figure invoice.
Core capabilities
- Collect — first-party agents for Linux, macOS, and Windows; native syslog (RFC 3164 / 5424) gateways; HTTP/gRPC ingest; journald, file-tail, and Windows Event Log collectors out of the box.
- Parse — built-in parsers for nginx, PostgreSQL, audit logs, common SIEM formats; a YAML DSL for custom parsers; declarative field extraction and type coercion.
- Search — full-text and structured queries backed by OpenSearch; saved searches; live tail; histogram + table visualizations in the UI.
- Correlate — link related events across sources (auth → network → application) without writing joins; investigation workspaces preserve query state.
- Alert — rule engine with threshold, anomaly, and absence detectors; webhook, email, and PagerDuty sinks; per-tenant alert routing.
- Compliance — retention policies per tenant, immutable audit trail, RBAC, SAML/OIDC SSO, configurable PII redaction at ingest.
- Multi-tenant — strict data isolation between organizations; per-tenant quotas, retention, and access controls; designed for MSPs.
Architecture at a glance
AethonLog is a stack of stateless services in front of three stateful systems. Each service is a single Go binary; scale-out is horizontal and per-component.
    ┌─────────┐    ┌──────────────────┐    ┌──────────────┐
    │ agents  │───▶│ ingest-gateway   │───▶│              │
    └─────────┘    │ syslog-gateway   │    │              │
                   │ http-ingest      │    │   Redpanda   │
                   └──────────────────┘    │  (Kafka API) │
                                           │              │
                   ┌──────────────────┐    │              │
                   │ parser-worker    │◀───┤              │
                   │ routing-worker   │    │              │
                   │ sink-connector   │───▶│  OpenSearch  │
                   └──────────────────┘    └──────────────┘
                            │
                            ▼
                   ┌──────────────────┐    ┌──────────────┐
                   │ api-server (Go)  │───▶│ PostgreSQL   │
                   │ React UI (8080)  │    │ Redis cache  │
                   └──────────────────┘    └──────────────┘
State lives in PostgreSQL (metadata, tenants, users, alert rules), Redis (sessions, rate limits, query cache), and OpenSearch (log events). The streaming buffer is Redpanda. Everything else scales horizontally and can be killed and restarted without data loss.
Get started
Installation →
Prerequisites, hardware sizing, and the three install paths: Docker Compose, Podman, or Kubernetes via Helm.
Quick Start →
Five minutes from clone to first log. Bring up the dev stack, enroll an agent, watch logs stream.
Detailed Setup →
Environment variables, TLS, storage, scaling, backup, and compliance configuration for production.
The deep technical docs ship with the platform. After install, browse http://YOUR_SERVER:8080/docs/ for the full API reference, aethonctl CLI manual, admin handbook, alert rule syntax, parser DSL, and per-deployment guides. This site is the marketing-tier overview — the install ships with the manual.
License & source
AethonLog is open source. Source archives and agent binaries are available from the download section of the home page.