Noureddine RAMDI / Log Bull: a zero-config self-hosted log aggregation system for small teams

Created Tue, 05 May 2026 13:37:39 +0000 Modified Sat, 23 May 2026 20:41:27 +0000
958 Words
github-stars go logging docker self-hosted observability log-aggregation

logbull/logbull

Log Bull is a self-hosted log collection and viewing system designed with a focus on simplicity and minimal setup. It aims to provide developers and small teams an alternative to heavier log management stacks like ELK or Loki without sacrificing essential features such as multi-tenancy and audit trails.

what Log Bull is and how it works

At its core, Log Bull is a Go-based application packaged as a single Docker container that requires no external dependencies. This zero-config approach means you can have a fully functional log aggregation system running in under two minutes on a compatible Linux host with Docker.

The architecture revolves around ingesting logs over HTTP from virtually any programming language. The project maintains native client libraries for Python, Go, Java, JavaScript, PHP, C#, Ruby, and Rust, making integration straightforward across diverse stacks. Logs are stored locally in a mounted volume (./logbull-data), avoiding the complexity and costs of external storage or databases.

Multiple projects can be isolated within a single instance, each protected by its own API key. This supports multi-tenancy in a lightweight fashion, making it suitable for teams managing several applications or environments. The system also includes multi-user access management with granular permissions, so you control who can view or manage logs across projects.

For operational security and compliance, Log Bull logs every user action with audit trails. It supports configurable rate limiting and domain restrictions to prevent abuse and control traffic.

Minimum system requirements are modest: at least 2 CPU cores, 4 GB RAM, and 20 GB of disk storage. The storage is local, and the system provides configurable retention policies to manage disk usage based on log volume.

how Log Bull balances simplicity with enterprise features

The standout aspect of Log Bull is how it achieves a zero-config deployment without giving up features typically found in more complex logging platforms. The entire system runs as one Docker container — no external databases, no dependencies on message brokers or search engines.

This monolithic approach simplifies deployment and maintenance but comes with tradeoffs. For instance, local storage limits scalability and durability compared to distributed log systems. It’s not designed for massive volumes or enterprise-scale setups with terabytes of logs but rather for developers and smaller teams who want fast, reliable log access without the overhead.

The codebase is written in Go, which lends itself to efficient binaries, a small footprint, and easy cross-platform Docker packaging. The project’s API-first design supports HTTP log ingestion from any language, and the official client libraries reduce integration friction.

Security features such as API keys per project, multi-user permissions, and audit logging are not trivial to implement in a zero-config tool. Log Bull handles these well, striking a balance between usability and control. The rate limiting and domain restriction features are practical for protecting the service from overuse or malicious traffic.

The system health is monitored via a built-in health check endpoint, and the Docker container is configured to restart automatically unless stopped, supporting resilience in production environments.

quick start with Log Bull

The project README provides clear installation instructions with three options. The recommended method is an automated installation script for Linux that installs Docker and Docker Compose if needed, pulls the Log Bull image, sets up the container, and configures it to start on reboot. This automation reduces friction for new users.

Here is the exact installation script snippet from the README:

sudo apt-get install -y curl && \
sudo curl -sSL https://raw.githubusercontent.com/logbull/logbull/main/install-logbull.sh \
| sudo bash

Alternatively, you can run Log Bull directly with Docker:

docker run -d \
  --name logbull \
  -p 4005:4005 \
  -v ./logbull-data:/logbull-data \
  --restart unless-stopped \
  --health-cmd="curl -f http://localhost:4005/api/v1/system/health || exit 1" \
  ghcr.io/logbull/logbull:latest

The system stores logs in the mounted ./logbull-data directory, so data persists across container restarts. The health check command enables Docker to monitor container health.

Once running, you can start sending logs using the official client libraries or via direct HTTP API calls with your project’s API key.

verdict

Log Bull is a pragmatic self-hosted logging system designed with developers and small teams in mind. Its zero-config Docker deployment, combined with multi-project isolation, multi-user access control, and audit logging, offers a level of operational maturity not usually found in minimal log aggregators.

The tradeoff is clear: it doesn’t scale to enterprise-sized log volumes or distributed architectures. Storage is local, and the system is opinionated about running as a single container. If your needs are for a lightweight, easy-to-run log system that integrates cleanly with diverse stacks and provides good security controls, Log Bull is worth exploring.

For those who want an alternative to ELK or Loki without the overhead, and who value simplicity and fast setup, Log Bull delivers on its promise. It’s not for everyone, but it solves a real problem with a clear focus and minimal fuss.

→ GitHub Repo: logbull/logbull ⭐ 299 · Go