diff --git a/charts/superstream/templates/deployment-syslog.yaml b/charts/superstream/templates/deployment-syslog.yaml
index 1e6c3b0..96d2e34 100644
--- a/charts/superstream/templates/deployment-syslog.yaml
+++ b/charts/superstream/templates/deployment-syslog.yaml
@@ -33,12 +33,14 @@ spec:
       - name: syslog-ng
         {{ include "superstream.image" (merge (pick $.Values "global") .Values.syslog.image) | nindent 8 }}
           {{- if .Values.syslog.extraEnv }}
-          {{- range .Values.syslog.extraEnv }}              
+          {{- range .Values.syslog.extraEnv }}                    
         env:
           - name: {{ .name }}
             value: {{ .value | quote }}
         {{- end }}
-        {{- end }}         
+        {{- end }}      
+        securityContext:
+          {{- toYaml .Values.syslog.securityContext | nindent 12 }}           
         ports:
           - name: syslog
             containerPort: {{ .Values.syslog.service.port }}
diff --git a/charts/superstream/values.yaml b/charts/superstream/values.yaml
index 0686493..b0fe8e4 100644
--- a/charts/superstream/values.yaml
+++ b/charts/superstream/values.yaml
@@ -96,11 +96,11 @@ superstreamEngine:
   podSecurityContext: {}
   # fsGroup: 2000
 
-  securityContext: {}
+  securityContext:
   # capabilities:
   #   drop:
   #   - ALL
-  # readOnlyRootFilesystem: true
+    readOnlyRootFilesystem: true
   # runAsNonRoot: true
   # runAsUser: 1000
   serviceAccount:
@@ -237,6 +237,13 @@ syslog:
     prometheus.io/scrape: 'false'
   podSecurityContext:
     fsGroup: 911
+  securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+    # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000    
   remoteSyslog:
     destinationHost: telegraf
     port: 6514