RFC 2026.04.01 — Now an Industry Standard

One log packet.
Every screen.

logHiive brings IP multicast to syslog distribution. Send once, receive everywhere. The future of enterprise observability starts April 1st.

239.255.0.1:5514 • The Official Log Channel
Zero Config • Zero Pipeline • Zero Patience Required
Powered by UDP • Because Who Needs Reliability
Join the Multicast Group • Your Logs Are Already There
IGMP Joins Welcome • No RSVP Needed
Now Compliant with RFC 2026.04.01
MQTT? Never Heard of Her
No Broker • No Problem • No Guarantees

Enterprise-Grade Multicast Log Distribution

One sender. Infinite receivers. Zero extra bandwidth. Welcome to the future that was always hiding in your network stack.

Multicast Log Distribution Architecture Diagram

Built for the modern* log consumer

* and by "modern" we mean 1986 RFC 966 multicast

📡

Broad Visibility

A single multicast stream reaches every consumer simultaneously. Organization-wide observability without N-to-N forwarding nightmares.

🔍

Real-Time Correlation

Security and ops teams correlate events independently, in real time, without waiting for centralized pipelines to slowly chew through your data.

Network Efficiency

Each packet is sent exactly once. The network duplicates it where needed. Your bandwidth bill will think you shut down the log pipeline entirely.

🛠

Tool Freedom

Use whatever tool you want: socat, tcpdump, a custom Go binary, or just nc piped into grep like it's 1999. We don't judge.

1

Packet Sent

Receivers

0

Guarantees of Delivery

5514

The Only Port That Matters

Three steps to log enlightenment

If your network supports IGMP (and it probably does, hiding in shame), you're 90% there.

1. Deploy logHiive

A single Go binary. Point it at your syslog source and a multicast group. Done. Go get coffee.

2. IGMP Join

Consumers send an IGMP join to 239.255.0.1. Your switches handle the rest. Yes, the switches. They've been waiting for this moment.

3. Receive Logs

Every subscriber gets every log. In real time. Over UDP. What could possibly go wrong?

Up and running in seconds

No YAML. No Helm charts. No 47-page runbook. Just a binary and a dream.

terminal
# Build the forwarder
$ go build -o loghiive
 
# Start multicasting your logs to the world
$ ./loghiive -listen ":5514" -mcast "239.255.0.1:5514"
> logHiive started. Forwarding syslog to 239.255.0.1:5514
> Waiting for logs... and believers.
 
# On any receiver, subscribe to the stream
# (UDP4-RECV keeps reading; UDP4-RECVFROM without fork exits after the first datagram)
$ socat -u UDP4-RECV:5514,ip-add-membership=239.255.0.1:0.0.0.0 -
<14>Mar 26 12:00:00 prod-web-01 nginx[4821]: GET /api/health 200 0.002s
<11>Mar 26 12:00:01 prod-db-03 postgres[891]: checkpoint complete
<10>Mar 26 12:00:01 prod-app-07 app[2211]: user.login succeeded uid=42
 
# Send a test message
$ echo "<14>Apr 1 00:00:00 testhost loghiive[1]: happy april fools" | nc -u -w1 127.0.0.1 5514
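
A Go counterpart to the socat receiver above, as an added example that is not part of logHiive or of the original page: it joins the page's group 239.255.0.1:5514 and decodes the syslog PRI of each datagram. The names decodePRI, receive and severityNames are illustrative assumptions; the arithmetic is standard syslog (PRI = facility × 8 + severity).

```go
package main

import (
	"fmt"
	"log"
	"net"
	"strconv"
	"strings"
)

// severityNames indexes the eight syslog severities (PRI % 8).
var severityNames = []string{"emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"}

// decodePRI splits "<PRI>rest" into facility, severity and the remainder (PRI: 1-3 digits, 0..191).
func decodePRI(msg string) (facility, severity int, rest string, err error) {
	end := strings.IndexByte(msg, '>')
	if !strings.HasPrefix(msg, "<") || end < 2 || end > 4 {
		return 0, 0, "", fmt.Errorf("no PRI header")
	}
	pri, err := strconv.ParseUint(msg[1:end], 10, 8) // rejects signs and non-digits
	if err != nil || pri > 191 {
		return 0, 0, "", fmt.Errorf("bad PRI %q", msg[1:end])
	}
	return int(pri / 8), int(pri % 8), msg[end+1:], nil
}

// receive joins the group and prints each datagram; senders are unauthenticated, so text is %q-quoted.
func receive(group *net.UDPAddr) error {
	conn, err := net.ListenMulticastUDP("udp4", nil, group) // nil: OS picks the interface
	if err != nil {
		return err
	}
	defer conn.Close()
	buf := make([]byte, 2048)
	for {
		n, src, err := conn.ReadFromUDP(buf)
		if err != nil {
			return err
		}
		fac, sev, rest, perr := decodePRI(strings.TrimSpace(string(buf[:n])))
		if perr != nil {
			log.Printf("from %s: dropped: %v", src, perr)
			continue
		}
		fmt.Printf("%s fac=%d sev=%s %q\n", src.IP, fac, severityNames[sev], rest)
	}
}

func main() { log.Fatal(receive(&net.UDPAddr{IP: net.ParseIP("239.255.0.1"), Port: 5514})) }
```

Run against the sample output above, the `<10>` on the user.login line decodes to facility 1 with severity crit, and `<11>` on the checkpoint line to severity err.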

Move over, MQTT. logHiive is here.

Why subscribe to a broker when you can subscribe to the network itself?

| Feature | MQTT | logHiive |
|---|---|---|
| Broker required | Yes, and it's always down | No. The network IS the broker. |
| Protocol | TCP (boring, reliable) | UDP (fast, thrilling) |
| QoS levels | 0, 1, 2 | 0. Take it or leave it. |
| Message retention | Optional per-topic | If you missed it, it's gone forever |
| Authentication | Username/password, TLS | IGMP join. That's it. You're in. |
| Setup complexity | Install broker, configure ACLs, manage certs... | One binary. One flag. Done. |
| Vibe | Enterprise middleware | Chaotic good |

Verdict: Why add a broker when your switches already know how to multicast? MQTT walked so logHiive could fly.

Endorsed by leadership*

* citations pending legal review

"Multicast lets us put the right data in front of more eyes without duplicating traffic. It's a force multiplier for both security and reliability."
The CTO, Chief Technology Officer

"Our analysts can now correlate events in seconds using the tools they already trust, with zero waiting on centralized pipeline changes."
Head of Security Operations, Security Operations Center

"I just ran socat and suddenly I could see every log in the building. I didn't even ask for permission. Is that... is that okay?"
A Concerned Intern, First week on the job

A carefully orchestrated timeline

Because even chaos needs a schedule.

Q1 2026

Enablement & Documentation

Network team enables multicast routing. Internal runbooks written. Nobody reads them.

April 1, 2026

Official Launch

Multicast log distribution goes live network-wide. Your office becomes the first fully multicast-observable building in the country.

Post-Launch

Iterative Enhancements

Topic-specific groups, TLS unicast mirrors for the paranoid, and metadata enrichment for the ambitious.

Q3 2026

World Domination

Proposal submitted to IETF. Every enterprise replaces Splunk with socat. Stock markets react.

Ready to join the multicast?

Your logs are already out there. All you have to do is listen.

IGMP Join Now